/**
 * Handle the page-save action: normalise the submitted text, run the
 * conflict / ticket / spam / agreement / edit-size checks, then either
 * re-render the editor with a preview (and optional diff) or write the page.
 *
 * Control model visible in this function: a failed check never aborts by
 * itself, it only sets $button_preview. The write ($formatter->page->write()
 * and $DBInfo->savePage()) lives in the else branch of `if ($button_preview)`,
 * so every gate depends on $button_preview staying truthy once set.
 *
 * @param object $formatter page formatter; supplies the page object and all output helpers
 * @param array  $options   request options read here: savetext, datestamp, hash, comment,
 *                          section, id, page, category, minor, license_agree, __seed, check
 *                          and the button_* / *_merge flags
 * @return void  output is emitted through $formatter and print/echo
 */
function do_post_savepage($formatter, $options) {
    global $DBInfo;
    // Non-POST requests and non-writable pages are not rejected here; they are
    // pushed into the preview branch, which never calls savePage().
    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        $options['button_preview'] = 1; // force preview
    }
    // NOTE(review): the upload handler runs whatever the outcome of the
    // writable check above (that check does not return). Whether
    // do_uploadfile() enforces its own permission check is not visible here - confirm.
    if (isset($_FILES['upfile']) and is_array($_FILES) or isset($options['MYFILES']) and is_array($options['MYFILES'])) {
        $retstr = false;
        $options['retval'] =& $retstr;
        include_once 'plugin/UploadFile.php';
        do_uploadfile($formatter, $options);
    }
    $savetext = $options['savetext'];
    $datestamp = $options['datestamp'];
    $hash = $options['hash'];
    $button_preview = !empty($options['button_preview']) ? 1 : 0;
    if ($button_preview) {
        $formatter->preview = 1;
    }
    // merge mode: 0 = none, 1 = merge, 2 = manual merge, 3 = forced merge (later flags win)
    $button_merge = !empty($options['button_merge']) ? 1 : 0;
    $button_merge = !empty($options['manual_merge']) ? 2 : $button_merge;
    $button_merge = !empty($options['force_merge']) ? 3 : $button_merge;
    $button_diff = !empty($options['button_changes']) ? 1 : 0;
    if ($button_diff) {
        $button_preview = 1;
    }
    // normalise line endings to "\n" before hashing and diffing
    $savetext = preg_replace("/\r\n|\r/", "\n", $savetext);
    $savetext = _stripslashes($savetext);
    $comment = _stripslashes($options['comment']);
    $comment = trim($comment);
    $section_savetext = '';
    // section edit: splice the submitted text into the stored page body
    if (isset($options['section'])) {
        if ($formatter->page->exists()) {
            $sections = _get_sections($formatter->page->get_raw_body());
            if ($sections[$options['section']]) {
                if (substr($savetext, -1) != "\n") {
                    $savetext .= "\n";
                }
                $sections[$options['section']] = $savetext;
            }
            $section_savetext = $savetext;
            $savetext = implode('', $sections);
        }
    }
    if ($savetext and $savetext[strlen($savetext) - 1] != "\n") {
        $savetext .= "\n";
    }
    // md5 is used here only to detect "nothing changed"
    $new = md5($savetext);
    $menu = $formatter->link_to("#editor", _("Goto Editor"), ' class="preview-anchor"');
    $diff = '';
    if ($formatter->page->exists()) {
        # check difference
        $body = $formatter->page->get_raw_body();
        $body = preg_replace("/\r\n|\r/", "\n", $body);
        $orig = md5($body);
        if ($orig == $new) {
            // same text. just update datestamp
            unset($options['datestamp']);
            $datestamp = $formatter->page->mtime();
        }
        # check datestamp
        if ($formatter->page->mtime() > $datestamp) {
            // the page changed after the client loaded the editor: edit conflict
            $options['msg'] = sprintf(_("Someone else saved the page while you edited %s"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
            $options['preview'] = 1;
            $options['conflict'] = 1;
            if ($button_merge) {
                $options['msg'] = sprintf(_("%s is merged with latest contents."), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
                $options['title'] = sprintf(_("%s is merged successfully"), _html_escape($options['page']));
                $merge = $formatter->get_merge($savetext);
                // a line consisting only of "<<<<<<<" marks an unresolved merge conflict
                if (preg_grep('/^<<<<<<<$/', explode("\n", $merge))) {
                    $options['conflict'] = 2;
                    $options['title'] = sprintf(_("Merge conflicts are detected for %s !"), _html_escape($options['page']));
                    $options['msg'] = sprintf(_("Merge cancelled on %s."), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
                    // turn the raw conflict markers into wiki headings
                    $merge = preg_replace('/^>>>>>>>$/m', "=== /!\\ >>>>>>> " . _("NEW") . ' ===', $merge);
                    $merge = preg_replace('/^<<<<<<<$/m', "=== /!\\ <<<<<<< " . _("OLD") . ' ===', $merge);
                    $merge = preg_replace('/^=======$/m', "=== ======= ===", $merge);
                    if ($button_merge > 1) {
                        // manual or forced merge: accept the current mtime and clear the conflict flag
                        unset($options['datestamp']);
                        unset($options['section']);
                        unset($section_savetext);
                        $datestamp = $formatter->page->mtime();
                        $options['conflict'] = 0;
                        if ($button_merge == 2) {
                            $options['title'] = sprintf(_("Get merge conflicts for %s"), _html_escape($options['page']));
                            $options['msg'] = sprintf(_("Please resolve conflicts manually."));
                            if ($merge) {
                                $savetext = $merge;
                            }
                        } else {
                            $options['title'] = sprintf(_("Force merging for %s !"), _html_escape($options['page']));
                            $options['msg'] = sprintf(_("Please be careful, you could damage useful information."));
                        }
                    }
                } else {
                    $options['conflict'] = 0;
                    if ($merge) {
                        // successfully merged. reset datestamp
                        $savetext = $merge;
                        unset($options['datestamp']);
                        $datestamp = $formatter->page->mtime();
                    }
                }
                // every merge outcome goes through a preview first
                $button_preview = 1;
            } else {
                $options['title'] = _("Conflict error!");
                $button_preview = 1;
            }
            // get diff
            if ($options['conflict'] and !empty($merge)) {
                $diff = $formatter->get_diff($merge);
            } else {
                $diff = $formatter->get_diff($savetext);
            }
        } else {
            if ($datestamp > time()) {
                // a datestamp in the future cannot have come from the editor form
                $options['msg'] = sprintf(_("Go back or return to %s"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
                $formatter->send_header("", $options);
                $formatter->send_title(_("Invalid access"), "", $options);
                $formatter->send_footer();
                return;
            } else {
                if (!empty($DBInfo->use_savepage_hash)) {
                    // check hash
                    // The expected value is derived from datestamp, user id and client address.
                    // NOTE(review): `!=` is a loose, non-constant-time comparison; under PHP's
                    // loose rules two numeric-looking strings (e.g. "0e..." hex digests) can
                    // compare equal. A strict, constant-time comparison is the safer form.
                    // This check is only reached for an existing page whose mtime is not
                    // newer than the submitted datestamp.
                    $ticket = getTicket($datestamp . $DBInfo->user->id, $_SERVER['REMOTE_ADDR']);
                    if ($hash != md5($ticket)) {
                        $formatter->send_header("", $options);
                        $formatter->send_title(_("Invalid access"), "", $options);
                        $formatter->send_footer();
                        return;
                    }
                }
            }
        }
    }
    if (empty($button_preview) && !empty($orig) && $orig == $new) {
        $options['msg'] = sprintf(_("Go back or return to %s"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
        $formatter->send_header("", $options);
        $formatter->send_title(_("No difference found"), "", $options);
        $formatter->send_footer();
        return;
    }
    // NOTE(review): `or` binds looser than `&&`, so this reads
    // ($comment && mb_strlen > 256) or (strlen > 256): a multi-byte comment under
    // 256 characters but over 256 bytes is still treated as too long.
    if ($comment && (function_exists('mb_strlen') and mb_strlen($comment, $DBInfo->charset) > 256) or strlen($comment) > 256) {
        //$options['msg']=sprintf(_("Go back or return to %s"),$formatter->link_tag($formatter->page->urlname,"",_html_escape($options['page'])));
        $options['title'] = _("Too long Comment");
        $button_preview = 1;
    }
    // XXX captcha
    // NOTE(review): $use_any is derived from the client-supplied User-Agent and, when
    // set, switches off the anonymous ticket check below, so with use_textbrowsers
    // enabled that check is only as strong as the header. The configured pattern is
    // also placed between '/' delimiters without quoting, and HTTP_USER_AGENT is read
    // without an isset() guard.
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    // $ok_ticket is assigned below but not read again in this function
    $ok_ticket = 0;
    if (!$button_preview and !$use_any and !empty($DBInfo->use_ticket) and $options['id'] == 'Anonymous') {
        if ($options['__seed'] and $options['check']) {
            // NOTE(review): the seed comes from the request and the answer is compared
            // with a loose `==`; a strict comparison would be safer. Whether a seed can
            // be replayed depends on getTicket(), which is not shown here.
            $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
            if ($mycheck == $options['check']) {
                $ok_ticket = 1;
            } else {
                $options['msg'] = _("Invalid ticket !");
                $button_preview = 1;
            }
        } else {
            if (!$button_preview) {
                $options['msg'] = _("You need a ticket !");
            }
            $button_preview = 1;
        }
    } else {
        $ok_ticket = 1;
    }
    // XXX
    // Spam filtering: the text passes through every configured filter; any change
    // made by a filter means blocked content was found.
    if (!$button_preview and $DBInfo->spam_filter) {
        $text = $savetext;
        $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter);
        foreach ($fts as $ft) {
            $text = $formatter->filter_repl($ft, $text, $options);
        }
        if ($text != $savetext) {
            $button_preview = 1;
            $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
        } else {
            if ($options['id'] == 'Anonymous' and !empty($comment) and !empty($DBInfo->spam_comment_filter)) {
                // comment filter for anonymous users
                $cmt = $comment;
                $fts = preg_split('/(\\||,)/', $DBInfo->spam_comment_filter);
                // bad comments file
                $options['.badcontents'] = !empty($DBInfo->comments_badcontents) ? $DBInfo->comments_badcontents : null;
                foreach ($fts as $ft) {
                    $cmt = $formatter->filter_repl($ft, $cmt, $options);
                }
                if ($cmt != $comment) {
                    $button_preview = 1;
                    $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
                }
            }
        }
    }
    // The submitted text becomes the formatter's in-memory body for preview and save alike.
    $formatter->page->set_raw_body($savetext);
    // check license agreement
    $ok_agreement = true;
    if (!empty($DBInfo->use_agreement)) {
        if ($options['id'] != 'Anonymous') {
            $ok_agreement = !empty($DBInfo->user->info['join_agreement']) && $DBInfo->user->info['join_agreement'] == 'agree';
            if ($ok_agreement && !empty($DBInfo->agreement_version)) {
                $ok_agreement = $DBInfo->user->info['join_agreement_version'] == $DBInfo->agreement_version;
            }
        } else {
            $ok_agreement = false;
        }
    }
    if (empty($button_preview) && !$ok_agreement && empty($options['license_agree'])) {
        $button_preview = 1;
        if ($options['id'] == 'Anonymous') {
            $options['msg'] = _("Anonymous user have to agree the contribution agreement for this wiki.");
        } else {
            $options['msg'] = _("Sorry, you have to agree the contribution agreement or the join agreement of this wiki.");
        }
    }
    // check full permission to edit
    $full_permission = true;
    if (!empty($DBInfo->no_full_edit_permission) or $options['id'] == 'Anonymous' && !empty($DBInfo->anonymous_no_full_edit_permission)) {
        $full_permission = false;
    }
    // members always have full permission to edit
    if (in_array($options['id'], $DBInfo->members)) {
        $full_permission = true;
    }
    $minorfix = false;
    $options['editinfo'] = array();
    if (!$full_permission || !empty($DBInfo->use_abusefilter)) {
        // get diff
        if (!isset($diff[0])) {
            $diff = $formatter->get_diff($savetext);
        }
        // get total line numbers
        // test \n or \r or \r\n
        // NOTE(review): $body is only assigned above when the page already exists;
        // for a new page it is undefined at this point.
        $crlf = "\n";
        if (preg_match("/(\r|\r\n|\n)\$/", $body, $match)) {
            $crlf = $match[1];
        }
        // count crlf
        $nline = substr_count($body, $crlf);
        // count diff lines, chars
        $changes = diffcount_lines($diff, $DBInfo->charset);
        // set return values
        $added = $changes[0];
        $deleted = $changes[1];
        $added_chars = $changes[2];
        $deleted_chars = $changes[3];
        // check minorfix
        $minorfix = $changes[4];
        $editinfo = array('add_lines' => $added, 'del_lines' => $deleted, 'add_chars' => $added_chars, 'del_chars' => $deleted_chars);
        $options['editinfo'] = $editinfo;
        if (!$button_diff) {
            $diff = '';
        }
    }
    if (!$full_permission) {
        // restricted editors: cap the share of deleted lines and the number of changed characters
        $restricted = false;
        $delete_lines_restricted_ratio = !empty($DBInfo->allowed_max_lines_delete_ratio) ? $DBInfo->allowed_max_lines_delete_ratio : 0.5;
        // NOTE(review): $nline is 0 when the stored body holds no line terminator,
        // so this division can be a division by zero - guard before dividing.
        if ($deleted > 0 && $deleted / $nline > $delete_lines_restricted_ratio) {
            $restricted = true;
        }
        // check the maximum number of characters allowed to add/delete
        $max_chars_add = !empty($DBInfo->allowed_max_chars_add) ? $DBInfo->allowed_max_chars_add : 300;
        $max_chars_del = !empty($DBInfo->allowed_max_chars_delete) ? $DBInfo->allowed_max_chars_delete : 180;
        if (!$restricted && ($added_chars > $max_chars_add || $deleted_chars > $max_chars_del)) {
            $restricted = true;
        }
        if ($restricted) {
            $options['title'] = _("You do not have full permission to edit this page on this wiki.");
            if ($options['id'] == 'Anonymous') {
                $options['msg'] = _("Anonymous user is restricted to delete a lot amount of page on this wiki.");
            } else {
                $options['msg'] = _("You are restricted to delete a lot amount of page on this wiki.");
            }
            $button_preview = true;
        }
    }
    if ($button_preview) {
        // Preview branch: nothing is written. The submitted text is rendered back,
        // including for requests that failed the POST / writable check above.
        if (empty($options['title'])) {
            $options['title'] = sprintf(_("Preview of %s"), _html_escape($options['page']));
        }
        // http://stackoverflow.com/questions/1547884
        // NOTE(review): when preview_no_xss_protection is set, the browser's XSS filter
        // is switched off for a response that echoes request content; the preview then
        // relies entirely on the formatter's output escaping.
        $header = '';
        if (!empty($DBInfo->preview_no_xss_protection)) {
            $header = 'X-XSS-Protection: 0';
        }
        $formatter->send_header($header, $options);
        $formatter->send_title("", "", $options);
        $options['preview'] = 1;
        $options['datestamp'] = $datestamp;
        // for a section edit, hand only the section text back to the editor
        $savetext = $section_savetext ? $section_savetext : $savetext;
        $options['savetext'] = $savetext;
        $formatter->preview = 1;
        $has_form = false;
        // passed by reference; read after macro_EditText() below to decide on the JS buttons
        $options['has_form'] =& $has_form;
        $options['.minorfix'] = $minorfix;
        print '<div id="editor_area_wrap">' . macro_EditText($formatter, '', $options);
        echo $formatter->get_javascripts();
        if ($has_form and !empty($DBInfo->use_jsbuttons)) {
            $msg = _("Save");
            $onclick = ' onclick="submit_all_forms()"';
            $onclick1 = ' onclick="check_uploadform(this)"';
            echo "<div id='save-buttons'>\n";
            echo "<button type='button'{$onclick} tabindex='10'><span>{$msg}</span></button>\n";
            echo "<button type='button'{$onclick1} tabindex='11' name='button_preview' value='1'><span>" . _("Preview") . '</span></button>';
            if ($formatter->page->exists()) {
                echo "\n<button type='button'{$onclick1} tabindex='12' name='button_changes' value='1'><span>" . _("Show changes") . '</span></button>';
            }
            if ($button_preview) {
                echo ' ' . $formatter->link_to('#preview', _("Skip to preview"), ' class="preview-anchor"');
            }
            echo "</div>\n";
        }
        print '</div>';
        # XXX
        print $DBInfo->hr;
        print $menu;
        if ($button_diff and !isset($diff[0])) {
            // get diff
            $diff = $formatter->get_diff($options['section'] ? implode('', $sections) : $savetext);
            // strip diff header
            if (($p = strpos($diff, '@@')) !== false) {
                $diff = substr($diff, $p);
            }
        }
        if (isset($diff[0])) {
            echo "<div id='wikiDiffPreview'>\n";
            echo $formatter->processor_repl('diff', $diff, $options);
            //echo $formatter->macro_repl('Diff','',array('text'=>$diff,'type'=>'fancy'));
            echo "</div>\n";
        }
        print "<div id='wikiPreview'>\n";
        #$formatter->preview=1;
        $formatter->send_page($savetext);
        $formatter->preview = 0;
        print $DBInfo->hr;
        print "</div>\n";
        print $menu;
    } else {
        // Save branch: reached only when no check above set $button_preview.
        // check minorfix
        $options['.minorfix'] = $minorfix;
        if (empty($DBInfo->use_autodetect_minoredit)) {
            unset($options['.minorfix']);
        }
        // NOTE(review): the category value from the request is appended to the
        // stored text as given.
        if (!empty($options['category'])) {
            $savetext .= "----\n[[" . $options['category'] . "]]\n";
        }
        $options['minor'] = !empty($DBInfo->use_minoredit) ? $options['minor'] : 0;
        if ($options['minor']) {
            // only configured owners may flag an edit as minor
            $user = $DBInfo->user;
            # get from COOKIE VARS
            if ($DBInfo->owners and in_array($user->id, $DBInfo->owners)) {
                $options['minor'] = 1;
            } else {
                $options['minor'] = 0;
            }
        }
        $formatter->page->write($savetext);
        $retval = array();
        $options['retval'] =& $retval;
        $ret = $DBInfo->savePage($formatter->page, $comment, $options);
        // -1 is the failure value tested here; notifications go out only for
        // successful, non-minor saves
        if ($ret != -1 and $DBInfo->notify and $options['minor'] != 1) {
            $options['noaction'] = 1;
            if (!function_exists('mail')) {
                $options['msg'] = sprintf(_("mail does not supported by default.")) . "<br />";
            } else {
                $ret2 = wiki_notify($formatter, $options);
                if ($ret2) {
                    $options['msg'] = sprintf(_("Sent notification mail.")) . "<br />";
                } else {
                    $options['msg'] = sprintf(_("No subscribers found.")) . "<br />";
                }
            }
        }
        if ($ret == -1) {
            if (!empty($options['retval']['msg'])) {
                $msg = $options['retval']['msg'];
            } else {
                $msg = sprintf(_("%s is not editable"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page'])));
            }
            $options['title'] = $msg;
        } else {
            $options['title'] = sprintf(_("%s is saved"), $formatter->link_tag($formatter->page->urlname, "?action=show", _html_escape($options['page'])));
        }
        $myrefresh = '';
        if (!empty($DBInfo->use_save_refresh)) {
            $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
            // NOTE(review): the section value comes from the request and ends up in a
            // Refresh/Location header value; assumes send_header() or header() rejects
            // line breaks - confirm.
            if (!empty($options['section'])) {
                $lnk .= '#sect-' . $options['section'];
            }
            if ($DBInfo->use_save_refresh > 0 || $ret == -1) {
                $sec = $DBInfo->use_save_refresh - 1;
                if ($sec < 0) {
                    $sec = 3;
                }
                $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
            } else {
                $myrefresh = array('Status: 302', 'Location: ' . qualifiedURL($lnk));
            }
        }
        $formatter->send_header($myrefresh, $options);
        // an array means a redirect was sent; no body follows
        if (is_array($myrefresh)) {
            return;
        }
        $formatter->send_title("", "", $options);
        // $opt is created implicitly here (no earlier initialisation in this function)
        $opt['pagelinks'] = 1;
        $opt['refresh'] = 1;
        // call get_instruction() again
        $formatter->page->pi = null;
        # re-generates pagelinks
        print "<div id='wikiContent'>\n";
        $formatter->send_page("", $opt);
        print "</div>\n";
    }
    // $args is created implicitly here as well
    $args['editable'] = 0;
    $formatter->send_footer($args, $options);
}
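/**
 * Locate a manual page with `man -a -w`, read the gzipped source and show it
 * as a wiki page (rendered, raw text, or inside the editor).
 *
 * The page name, section and language all come from the request and end up
 * on a shell command line, so they are validated against allowlists and each
 * one is passed through escapeshellarg(). Names outside [A-Za-z0-9_.+:@-]
 * (or starting with '-') are rejected as "No manpage found".
 *
 * @param object $formatter page formatter used for logging and all output
 * @param array  $options   request options: man, sec, lang, edit, raw
 * @return void  output is emitted through $formatter / print
 */
function do_man_get($formatter, $options) {
    global $DBInfo;
    $supported = array('C', 'bg', 'de', 'en', 'fr', 'hu', 'ja', 'pt', 'ru', 'sr', 'cs', 'de_DE', 'es', 'fr_FR', 'id', 'ko', 'nl', 'pt_BR', 'sk', 'sv', 'da', 'el', 'fi', 'hr', 'it', 'pl', 'ro', 'sl');
    // byte-wise HTML escaping, independent of the configured wiki charset
    $esc_from = array('&', '<', '>', '"', "'");
    $esc_to = array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;');

    $man_name = isset($options['man']) ? $options['man'] : '';
    if (!$man_name) {
        $options['title'] = _("No manpage selected");
        do_invalid($formatter, $options);
        return;
    }
    // Allowlist the name: it must not start with '-' (it would be read as an
    // option by man) and may only contain characters that are inert in a shell
    // word and in HTML. /D stops '$' from accepting a trailing newline.
    if (!is_string($man_name) || !preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.+:@-]*$/D', $man_name)) {
        $options['title'] = _("No manpage found");
        do_invalid($formatter, $options);
        return;
    }

    // language: only exact members of the supported list reach the environment
    $LANG = '';
    if (!empty($options['lang']) and is_string($options['lang']) and in_array($options['lang'], $supported, true)) {
        $LANG = 'LANG=' . $options['lang'];
    }

    // section: the previous `!= intval()` test is a loose comparison, which on
    // older PHP lets non-numeric strings through. Accept only a short
    // alphanumeric token (1, 3p, n, ...), otherwise drop it.
    $sec = '';
    if (isset($options['sec']) and is_scalar($options['sec']) and preg_match('/^[0-9A-Za-z]+$/D', (string)$options['sec'])) {
        $sec = (string)$options['sec'];
    } else {
        unset($options['sec']);
    }

    // Every request-derived word is quoted on its own; escapeshellcmd() on the
    // whole line does not stop extra arguments or options from being injected.
    $cmd = ($LANG !== '' ? $LANG . ' ' : '') . 'man ' . ($sec !== '' ? escapeshellarg($sec) . ' ' : '') . '-a -w ' . escapeshellarg($man_name);
    $formatter->errlog();
    // $formatter->LOG is appended outside the quoting, as before - presumably
    // the stderr redirect prepared by errlog(); confirm it holds no request data.
    $fnames = array();
    $fp = popen($cmd . $formatter->LOG, 'r');
    if (is_resource($fp)) {
        while ($l = fgets($fp, 1024)) {
            if (preg_match('/\\.gz$/', $l)) {
                $fnames[] = trim($l);
            }
        }
        pclose($fp);
    }
    $err = $formatter->get_errlog();
    if ($err) {
        // the tool's error text can repeat the requested name, so escape it
        $err = '<pre class="errlog">' . str_replace($esc_from, $esc_to, $err) . '</pre>';
    }
    if (!$fnames) {
        $options['title'] = _("No manpage found");
        $options['msg'] = $err;
        // XXX
        do_invalid($formatter, $options);
        return;
    }
    $sz = count($fnames);
    $man = array();
    foreach ($fnames as $fname) {
        $man[] = preg_replace("/\\.gz\$/", "", basename($fname));
    }
    $options['page'] = "ManPage/{$man['0']}";
    $fname = $fnames[0];
    if ($DBInfo->hasPage($options['page'])) {
        // an imported copy already exists: go there instead
        $options['value'] = $options['page'];
        do_goto($formatter, $options);
        return;
    }
    if (function_exists('gzfile')) {
        $raw = gzfile($fname);
        $raw = join('', $raw);
    } else {
        // the path comes from man's output; quote it before it reaches the shell
        $raw = array();
        exec('zcat ' . escapeshellarg($fname), $raw);
        $raw = join("\n", $raw);
    }
    if ($sz > 1) {
        // several matches: offer links to each section / language variant
        $lnk = array();
        foreach ($fnames as $f) {
            preg_match("@/([^/]+)?/man./([^/]+).(.)\\.gz\$@", $f, $m);
            $lang = 'en';
            if ($m) {
                if ($m[1] != 'man') {
                    $lang = $m[1];
                }
                $myman = $m[2];
                $mysec = $m[3];
                $tag = '';
                if ($lang) {
                    $tag = $lang == 'ko' ? '(' . $lang . ')' : '';
                    $lang = '&lang=' . $lang;
                }
                $lnk[] = $formatter->link_tag('ManPage/' . $myman . '.' . $mysec, '?action=man_get&man=' . $myman . '&sec=' . $mysec . $lang, $myman . '.' . $mysec) . $tag;
            }
        }
        if (sizeof($lnk) > 0) {
            $options['msgtitle'] = implode(', ', $lnk);
        }
    }
    if ($DBInfo->man_charset and $DBInfo->man_charset != $DBInfo->charset) {
        if (function_exists('iconv')) {
            $ignore = '//IGNORE';
            // XXX
            $raw = iconv($DBInfo->man_charset, $DBInfo->charset . $ignore, $raw);
        }
    }
    if ($DBInfo->man_filter) {
        $raw = $formatter->filter_repl('simplere', $raw, array('page' => $DBInfo->man_filter));
    }
    $options['savetext'] = $raw;
    if (!empty($options['edit'])) {
        $formatter->send_header("", $options);
        $formatter->send_title("", "", $options);
        print macro_EditText($formatter, $raw, $options);
    } else {
        if (!empty($options['raw'])) {
            $formatter->send_header("content-type: text/plain", $options);
            print $raw;
            return;
        } else {
            $formatter->send_header("", $options);
            $formatter->send_title("", "", $options);
            print $formatter->processor_repl('man', $raw, $options);
            // Build the "edit" action link. Both parameters are appended (the
            // previous code overwrote sec with lang) and URL-encoded.
            $extra = '';
            if ($sec !== '') {
                $extra .= '&sec=' . rawurlencode($sec);
            }
            if (!empty($options['lang']) and is_string($options['lang'])) {
                $extra .= '&lang=' . rawurlencode($options['lang']);
            }
            $formatter->actions[] = '?action=man_get&man=' . rawurlencode($man_name) . $extra . '&edit=1 ' . _("Edit man page");
        }
    }
    $formatter->send_footer('', $options);
    return;
    // vim:et:sts=4:
}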
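/**
 * BBS action handler: RSS output, article deletion, comment posting, the
 * edit/new-post form and plain article display, selected by $options['mode'].
 *
 * Changes against the previous version:
 *  - request and stored values are HTML-escaped before they are placed in
 *    the delete dialog and the edit form (they were interpolated as given);
 *  - password hashes are compared strictly and, where available, in
 *    constant time;
 *  - eregi() (removed in PHP 7) is replaced by preg_match();
 *  - $hidden, $pass_form and $value are initialised before use.
 *
 * NOTE(review): the config file name is built from the page name
 * ('config/bbs.<page>.php'); this assumes page names cannot contain path
 * components - confirm. The delete and edit forms carry no anti-CSRF token
 * in the markup visible here.
 *
 * @param object $formatter page formatter used for all output
 * @param array  $options   request options: mode, no, p, id, pass, savetext,
 *                          subject, name, homepage, email, button_preview, page
 * @return void  output is emitted through $formatter / print
 */
function do_bbs($formatter, $options = array()) {
    global $DBInfo;
    $args = array();
    // form fragments and the editor value; not every path below assigns them
    $hidden = '';
    $pass_form = '';
    $value = '';
    // byte-wise HTML escaping, independent of the configured wiki charset;
    // covers both quote styles because the attributes below are single-quoted
    $esc_from = array('&', '<', '>', '"', "'");
    $esc_to = array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;');
    $e_no = str_replace($esc_from, $esc_to, isset($options['no']) ? (string)$options['no'] : '');
    $e_p = str_replace($esc_from, $esc_to, isset($options['p']) ? (string)$options['p'] : '');
    if ($options['mode'] == 'rss') {
        #$formatter->send_header("Content-Type: text/xml",$options);
        header("Content-Type: application/xml");
        print macro_BBS($formatter, '', $options);
        return;
    }
    # load a config file
    $bname = $formatter->page->name;
    $conf0 = array();
    if (file_exists('config/bbs.' . $bname . '.php')) {
        // per-board config, layered over the defaults
        $confname = 'bbs.' . $bname . '.php';
        $conf0 = _load_php_vars('config/bbs.default.php');
    } else {
        $confname = 'bbs.default.php';
    }
    $conf = _load_php_vars('config/' . $confname);
    $conf = array_merge($conf0, $conf);
    # check valid IP
    $check_ip = true;
    if ($conf['allowed_ip'] and in_array($options['mode'], array('edit', 'delete', 'new'))) {
        include_once 'lib/checkip.php';
        if (!check_ip($conf['allowed_ip'], $_SERVER['REMOTE_ADDR'])) {
            $options['title'] = sprintf(_("Your IP address is not allowed to %s at this BBS"), $options["mode"]);
            $check_ip = false;
        }
    }
    $check_pass = false;
    $MyBBS = macro_BBS($formatter, '', array('new' => 1));
    if ($options['id'] != 'Anonymous' and $options['mode'] == 'edit' and $options['no']) {
        $body = $MyBBS->getPage($options['no']);
        if ($body != null) {
            include_once 'lib/metadata.php';
            list($metas, $dummy) = _get_metadata($body);
            // Ownership is decided by the stored Name matching the logged-in id.
            // Compared as strings so numeric-looking names cannot match loosely.
            // NOTE(review): for anonymous posts Name is free-form input (see the
            // edit branch below), so a post signed with a registered id becomes
            // editable by that account without a password.
            if ((string)$metas['Name'] === (string)$options['id']) {
                # XXX
                $check_pass = true;
            }
        }
    }
    # password check
    // `while` is used as a breakable block here, not as a loop
    while ($options['no'] and ($options['mode'] == 'delete' or $options['mode'] == 'edit') and $_SERVER['REQUEST_METHOD'] == "POST") {
        $given_pass = isset($options['pass']) ? (string)$options['pass'] : '';
        # check admin(WikiMaster) password
        if (!$check_pass) {
            if ($DBInfo->admin_passwd) {
                $stored = (string)$DBInfo->admin_passwd;
                $calc = (string)crypt($given_pass, $stored);
                $check_pass = function_exists('hash_equals') ? hash_equals($stored, $calc) : $stored === $calc;
            } else {
                $check_pass = false;
            }
        }
        # check admin(BBSMaster) password
        if (!$check_pass and $conf['admin_passwd']) {
            $stored = (string)$conf['admin_passwd'];
            $calc = (string)crypt($given_pass, $stored);
            $check_pass = function_exists('hash_equals') ? hash_equals($stored, $calc) : $stored === $calc;
        }
        while ($check_ip and $check_pass and $options['mode'] == 'delete') {
            // several article numbers may be given, separated by spaces
            if (($p = strpos($options['no'], ' ')) !== false) {
                $nids = explode(" ", $options['no']);
            } else {
                $nids = array($options['no']);
            }
            for ($i = 0, $sz = sizeof($nids); $i < $sz; $i++) {
                if ($MyBBS->hasPage($nids[$i])) {
                    $MyBBS->deletePage($nids[$i]);
                } else {
                    $MyBBS->deleteIndex($nids[$i]);
                }
            }
            $query = $options['p'] ? '&p=' . $options['p'] : '';
            $myrefresh = '';
            if ($DBInfo->use_save_refresh) {
                $sec = $DBInfo->use_save_refresh - 1;
                $lnk = $formatter->link_url($formatter->page->urlname, '?' . ($query ? $query : 'action=show'));
                $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
            }
            $options['msg'] = _("Successfully deleted.");
            $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
            if ($myrefresh) {
                $header[] = $myrefresh;
            }
            $formatter->send_header($header, $options);
            $formatter->send_title("", "", $options);
            $formatter->send_footer("", $options);
            return;
        }
        break;
    }
    while ($options['mode'] == 'comment' and $options['savetext'] and $_SERVER['REQUEST_METHOD'] == "POST") {
        $query = 'no=' . $options['no'] . ($options['p'] ? '&p=' . $options['p'] : '');
        $myrefresh = '';
        if ($DBInfo->use_save_refresh) {
            $sec = $DBInfo->use_save_refresh - 1;
            $lnk = $formatter->link_url($formatter->page->urlname, '?' . $query);
            $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
        }
        $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
        if ($myrefresh) {
            $header[] = $myrefresh;
        }
        // comments are stored under "<page>:<no>"
        $p = new WikiPage($options['page'] . ':' . $options['no'], $options);
        $formatter->page = $p;
        $options['page'] = $options['page'] . ':' . $options['no'];
        $options['minor'] = 1; # do not log
        $formatter->send_header($header, $options);
        $options['action_mode'] = 'ajax';
        $options['call'] = 1;
        $ret = $formatter->ajax_repl('comment', $options);
        if ($ret == false) {
            $options['msg'] = _("Fail to post comment.");
        }
        unset($options['action_mode']);
        $formatter->send_title("", "", $options);
        $formatter->send_footer("", $options);
        return;
    }
    if ($options['mode'] == 'delete') {
        // confirmation dialog; the article number is request data, so escape it
        $msg = sprintf(_("The article %s will be deleted."), $e_no);
        $url = $formatter->link_url($formatter->page->urlname, '');
        $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
        $formatter->send_header($header, $options);
        $formatter->send_title("", "", $options);
        print <<<EOF
<div class='deleteDialog'>
<form method='post' action='{$url}' >
<strong>{$msg}</strong>
<table border='0' width='20%'>
<tbody>
<tr><th>Password:</th><td><input type='password' style="width:200px" name='pass' /></td></tr>
</tbody>
</table>
<input type='hidden' name='no' value='{$e_no}' />
<input type='hidden' name='p' value='{$e_p}' />
<input type='hidden' name='action' value='bbs' />
<input type='hidden' name='mode' value='delete' />
</form>
</div>
EOF;
        $formatter->send_footer("", $options);
        return;
    } else {
        if ($options['mode'] == 'edit') {
            $button_preview = $options['button_preview'];
            // breakable block: any `break` falls through to re-display the form
            while ($_SERVER['REQUEST_METHOD'] == "POST") {
                $savetext = $options['savetext'];
                $datestamp = $options['datestamp'];
                $subject = $options['subject'];
                # strip some tags from the subject
                $subject = preg_replace("%</?(marquee|embed|object|script|form|frame|iframe|img|a|)[^>]*>%", '', $subject);
                $args['subject'] = _stripslashes($subject);
                if ($options['id'] == 'Anonymous') {
                    $name = $options['name'];
                    $name = strip_tags($name);
                    $pass = $options['pass'];
                    $home = $options['homepage'];
                    # check a homepage address
                    if (!empty($home)) {
                        if (!preg_match('/^((ftp|http|news):\\/\\/)[a-z0-9][a-z0-9_\\-]+\\.[a-z0-9\\-\\.]+.*/', $home)) {
                            $options['msg'] = _("Invalid HomePage address.");
                            break;
                        } else {
                            // was eregi(), which no longer exists in PHP 7+
                            if (!preg_match('/^(ftp|http|news):\\/\\//i', $home)) {
                                $home = "http://" . $home;
                            }
                        }
                    }
                    # check email address
                    // NOTE(review): no validation is applied to the email value here
                    $email = $options['email'];
                    $args['name'] = _stripslashes($name);
                    $args['pass'] = _stripslashes($pass);
                    $args['home'] = _stripslashes($home);
                    $args['email'] = _stripslashes($email);
                    if (!$name) {
                        $options['msg'] = _("No Name error.");
                        break;
                    }
                } else {
                    $args['name'] = $options['id'];
                }
                $args['no'] = $options['no'] ? $options['no'] : 0;
                if ($options['no'] and !$check_pass) {
                    break;
                }
                # edit mode
                if (!$check_ip) {
                    break;
                }
                # not allowed IPs
                if (!$args['subject'] or !$savetext) {
                    $options['msg'] = _("No Subject error.");
                    break;
                }
                if ($button_preview) {
                    break;
                }
                $savetext = preg_replace("/\r\n|\r/", "\n", $savetext);
                if ($savetext and $DBInfo->spam_filter) {
                    // any change made by a filter means blocked content was found
                    $text = $savetext;
                    $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter);
                    foreach ($fts as $ft) {
                        $text = $formatter->filter_repl($ft, $text, $options);
                    }
                    if ($text != $savetext) {
                        $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
                        break;
                    }
                }
                $savetext = rtrim($savetext) . "\n";
                $args['text'] = _stripslashes($savetext);
                $MyBBS = macro_BBS($formatter, '', array('new' => 1));
                $myrefresh = '';
                if ($DBInfo->use_save_refresh) {
                    $sec = $DBInfo->use_save_refresh - 1;
                    $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
                    $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
                }
                $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
                $options['msg'] = _("New post added successfully");
                if ($myrefresh) {
                    $header[] = $myrefresh;
                }
                $formatter->send_header($header, $options);
                $formatter->send_title("", "", $options);
                if ($MyBBS->use_attach) {
                    # XXX
                    $args['call'] = 1;
                    $lists = $formatter->macro_repl('Attachments', '', $args);
                    unset($args['call']);
                    if (!empty($lists)) {
                        $args['attach'] = $lists;
                    }
                }
                $MyBBS->savePage($args);
                $formatter->send_footer("", $options);
                return;
            }
            #print _bbs_edit_form();
            #print macro_BBSForm($formatter);
            $formatter->send_header("", $options);
            $formatter->send_title("", "", $options);
            if ($options['savetext']) {
                $formatter->_raw_body = $options['savetext'];
                if ($options['no']) {
                    $hidden = "<input type='hidden' name='no' value='{$e_no}' />\n" . "<input type='hidden' name='p' value='{$e_p}' />";
                }
            } else {
                if ($options['no']) {
                    $MyBBS = macro_BBS($formatter, '', array('new' => 1));
                    $nid = $options['no'];
                    if ($nid and $MyBBS->hasPage($nid)) {
                        $fields = array('Name', 'Subject', 'Date', 'Email', 'HomePage', 'IP', 'Keywords');
                        include_once 'lib/metadata.php';
                        $body = $MyBBS->getPage($nid);
                        $boundary = strtoupper(md5("COMMENT"));
                        # XXX
                        // keep only the article part; comments follow the boundary line
                        list($body, $comments) = explode('----' . $boundary . "\n", $body, 2);
                        # XXX
                        if ($body != null) {
                            list($metas, $nbody) = _get_metadata($body);
                            if ($nbody) {
                                $body = $nbody;
                            }
                            $args['name'] = $metas['Name'];
                            $args['subject'] = $metas['Subject'];
                            $args['home'] = $metas['HomePage'];
                            $args['email'] = $metas['Email'];
                            $args['text'] = $body;
                            $formatter->_raw_body = $body;
                            $hidden = "<input type='hidden' name='no' value='{$e_no}' />\n" . "<input type='hidden' name='p' value='{$e_p}' />";
                        }
                    }
                } else {
                    $formatter->_raw_body = "";
                }
            }
            // Values shown in the form come from the request or from stored
            // metadata; escape them for the single-quoted attributes below.
            $e_subject = str_replace($esc_from, $esc_to, isset($args['subject']) ? (string)$args['subject'] : '');
            $e_name = str_replace($esc_from, $esc_to, isset($args['name']) ? (string)$args['name'] : '');
            $e_email = str_replace($esc_from, $esc_to, isset($args['email']) ? (string)$args['email'] : '');
            $e_home = str_replace($esc_from, $esc_to, isset($args['home']) ? (string)$args['home'] : '');
            if ($options['id'] == 'Anonymous') {
                $formatter->_extra_form = <<<EOF
<div>
<table border='0' width='100%'>
<col width='10%' /><col width='10%' /><col width='10%' /><col width='70%' />
<tbody>
<tr><th>Subject:</th><td colspan='3'><input type='text' style="width:80%" name='subject' value='{$e_subject}' /></td></tr>
<tr><th>Name:</th><td><input type='text' name='name' value='{$e_name}' /></td>
<th>Password:</th><td><input type='password' name='pass' /></td></tr>
<tr><th>Email:</th><td colspan='3'><input type='text' style="width:50%" name='email' value='{$e_email}' /></td></tr>
<tr><th>HomePage:</th><td colspan='3'><input type='text'style="width:50%" name='homepage' value='{$e_home}' /></td></tr>
</tbody>
</table>
{$hidden}
</div>
EOF;
            } else {
                if (!$check_pass and !empty($options['no']) and $options['mode'] == 'edit') {
                    $pass_form = "<tr><th>Password:</th><td><input type='password' name='pass' /></td></tr>";
                }
                $formatter->_extra_form = <<<EOF
<div>
<table border='0' width='100%'>
<col width='20%' /><col width='80%' />
<tbody>
<tr><th>Subject:</th><td><input type='text' style="width:80%" name='subject' value='{$e_subject}' /></td></tr>
{$pass_form}
</tbody>
</table>
{$hidden}
</div>
EOF;
            }
            $formatter->_mtime = 0;
            $options['simple'] = 2;
            $options['nocategories'] = 1;
            $options['minor'] = 1;
            # do not show a minor checkbox
            print macro_EditText($formatter, $value, $options);
            $formatter->_raw_body = null;
            $formatter->_extra_form = null;
        } else {
            $formatter->send_header("", $options);
            $formatter->send_title("", "", $options);
            print macro_BBS($formatter, 'no=' . $options['no']);
        }
    }
    $formatter->send_footer("", $options);
    return;
}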
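/**
 * Fetch a remote HTML page and convert it to wiki markup.
 *
 * Without a URL the input form is returned. URLs that do not start with
 * http://, https:// or ftp:// are refused (false), as is a failed fetch.
 *
 * Changes against the previous version: accumulators ($html_data, $pre,
 * $state) are initialised; the read loop no longer stops on a chunk that PHP
 * evaluates as false; the entity names in the two str_replace() tables are
 * restored (the listing showed them already decoded, which is not valid
 * PHP); the statements after `return $wiki;` could never run and are gone.
 *
 * NOTE(review): the server fetches whatever host the caller names. Only the
 * scheme prefix is checked; the destination address, redirects, response
 * size and timeout are not restricted in this function. A deployment that
 * exposes this macro to untrusted users should restrict destinations
 * (for example an allowlist, or refusing internal address ranges) and bound
 * the download. Tags kept by strip_tags() retain their attributes; whether
 * leftover markup is rendered depends on the wiki formatter.
 *
 * @param object|null $formatter unused on the paths visible here
 * @param string      $value     URL to import; falls back to $options['url']
 * @param array       $options   request options
 * @return string|false wiki text, the input form, or false on refusal/failure
 */
function macro_ImportUrl($formatter, $value = '', $options = array()) {
    $value = $value ? $value : (isset($options['url']) ? $options['url'] : '');
    if (!$value) {
        return <<<EOF
<div>
<form method='get' action=''>
<input type='hidden' name='action' value='importurl' />
<input name='url' value='http://' size='60' />
<input type='submit' value='html 2 wiki' />
</form>
</div>
EOF;
    }
    // scheme allowlist: keeps local files and other stream wrappers out of fopen()
    if (!is_string($value) || !preg_match('/^(http|ftp|https):\\/\\//', $value)) {
        return false;
    }
    $fp = fopen($value, "r");
    if (!$fp) {
        return false;
    }
    $html_data = '';
    while (!feof($fp)) {
        $data = fread($fp, 4096);
        if ($data === false || $data === '') {
            break;
        }
        $html_data .= $data;
    }
    fclose($fp);
    # only use <body> contents
    preg_match("/<\\s*body[^>]*>(.*)<\\/\\s*body\\s*>/is", $html_data, $m);
    if ($m) {
        $html_data = $m[1];
    }
    # fix_url($value,$dummy);
    # fix_url('http://hello.com/',$dummy);
    # fix_url('http://hello.com',$dummy);
    # remove some tags
    $out = preg_replace("@<(script|style)[^>]*>.*</\\1>@is", "", $html_data);
    # remove empty tags
    $out = preg_replace("@<(h.|).[^>]*></\\1>@i", "", $out);
    # strip tags
    $out = strip_tags($out, '<pre><hr><td><tr><a><b><i><u><h1><h2><h3><h4><h5><li><img>');
    # fix some "\n" important syntaxes
    $out = preg_replace(array("/(?!\n)(\\s*<h.[^>]*>)/i", "/((<\\/h.\\s*>)(?:[ ]*)(?!\n))/i"), array("\n\\1", "\\2\n"), $out);
    // split on <pre ...> / </pre> so preformatted blocks are copied verbatim
    $splits = preg_split('/(<pre\\s*[^>]*>|<\\/pre>)/', $out, -1, PREG_SPLIT_DELIM_CAPTURE);
    $wiki = '';
    $base_url = $value;
    if (($p = strrpos($value, '/')) !== false) {
        $base_url = substr($value, 0, $p);
    }
    // prime the URL-fixing callbacks with the base URL (second argument true)
    _fix_url_callback($base_url, true);
    _fix_url_callback2($base_url, true);
    $pre = '';
    $state = '';
    foreach ($splits as $split) {
        if (preg_match('/^<pre\\s/i', $split)) {
            // opening <pre ...>: choose the wiki code-block opener from its class
            $state = 'p';
            if (preg_match("/<pre\\s*class=.wikiSyntax.[^>]*>/i", $split)) {
                $pre = '{{{#!vim';
            } else {
                if (preg_match("/<pre\\s*class=.wiki.>/i", $split)) {
                    $pre = '{{{';
                } else {
                    $pre = '{{{#!';
                }
            }
            continue;
        } else {
            if (preg_match('/^<\\/pre>/i', $split)) {
                // closing </pre>: finish the block and decode entities inside it
                $state = '';
                $pre .= "}}}\n";
                $pre = str_replace(array('&quot;', '&lt;', '&gt;', '&amp;', '<b>', '</b>'), array('"', '<', '>', '&', '', ''), $pre);
                $wiki .= $pre;
                $pre = '';
                continue;
            }
        }
        if ($pre) {
            // inside a preformatted block: copy as is
            $pre .= $split;
            continue;
        }
        # remove leading spaces
        $out = preg_replace("/\n[ ]+/", "\n", $split);
        $out = preg_replace("/\r/", "", $out);
        #$out= preg_replace("/<img\s*[^>]*src=(['\"])?((http|ftp)[^'\"]+)\\1[^>]*>/i",
        #  "\\2",$out);
        $out = preg_replace_callback("/<img\\s*[^>]*src=(['\"])?([^'\"]+)\\1[^>]*>/i", '_fix_url_callback', $out);
        // lists, tables and rules
        $out = preg_replace("/<li[^>]*>/i", " * ", $out);
        $out = preg_replace("/<\\/li>\n*/i", "\n", $out);
        $out = preg_replace("/<td\\s*[^>]*>/i", "||", $out);
        $out = preg_replace("/<\\/td>\n*/i", "", $out);
        $out = preg_replace("/<tr\\s*[^>]*>/i", "", $out);
        $out = preg_replace("/<\\/tr>\n*/i", "||\n", $out);
        $out = preg_replace("/<hr\\s*[^>]*>/i", "----\n", $out);
        # decode entities; &amp; goes last so nothing is decoded twice
        $out = str_replace(array('&quot;', '&lt;', '&gt;', '&amp;'), array('"', '<', '>', '&'), $out);
        # for rendered wiki page
        #$out= preg_replace("/<pre\s*class=.wiki.>/i","{{{",$out);
        #$out= preg_replace("/<pre\s*[^>]*>/i","{{{#!vim config",$out);
        #$out= preg_replace("/<\/pre>/i","}}}\n",$out);
        # remove id tag and perma links
        $out = preg_replace("/<a\\s*id=[^>]+>[^<]*<\\/a>/i", "", $out);
        $out = preg_replace("/<a\\s*[^>]*href=['\"]#[^>]+>[^<]*<\\/a>/i", "", $out);
        $out = preg_replace("/<a\\s*[^>]*href=['\"]#[^>]+>[^<]*<\\/a>/i", "", $out);
        # remove ?WikiName links
        $out = preg_replace("/<a\\s*[^>]*href=['\"][^>]+>\\?<\\/a>/i", "", $out);
        # remove hrefs with a blank link
        $out = preg_replace("/<a\\s*[^>]*href=['\"][^>]+><\\/a>/i", "", $out);
        # url
        $out = preg_replace_callback("/<a\\s*[^>]*href=['\"]([^'\"]+)['\"][^>]*>([^<]+)<\\/a>/i", '_fix_url_callback2', $out);
        # heading
        $out = preg_replace_callback("/<h(\\d)[^>]*>(?:\\d+\\.?\\d*)*([^<]+)<\\/h\\d>/i", '_heading_callback', $out);
        # paragraph
        $out = preg_replace("/\n{3,}/", "\n\n", $out);
        $out = preg_replace("/<b>([^<]+)<\\/b>/i", "'''\\1'''", $out);
        $out = preg_replace("/<i>([^<]+)<\\/i>/i", "''\\1''", $out);
        $out = preg_replace("/<u>([^<]+)<\\/u>/i", "__\\1__", $out);
        $wiki .= $out;
    }
    #$wiki=preg_replace(array("/\007\s/","/\007/"),array(" ",""),$wiki);
    return $wiki;
}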