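/**
 * Action handler for the "newpage" plugin.
 *
 * Without a page name it renders the new-page form; with one it redirects
 * to the location of the (optionally refer-relative) page.
 *
 * @return array  msg/body pair for the form (no return after the redirect)
 */
function plugin_newpage_action()
{
    global $vars, $_string, $_newpage_messages;

    // Role gates: a read-only install and PKWK_CREATE_PAGE both deny with 403.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    if (!isset($vars['page'])) {
        $retvars = array();
        $retvars['msg'] = $_newpage_messages['title'];
        $retvars['body'] = plugin_newpage_convert();
        return $retvars;
    }

    // Both user-supplied names get the same null-byte stripping before they are
    // turned into a page path (the original stripped only 'page', not 'refer').
    $page = Utility::stripNullBytes($vars['page']);
    if (isset($vars['refer'])) {
        $refer = Utility::stripNullBytes($vars['refer']);
        $r_page = Utility::getPageName($page, $refer);
        // NOTE(review): 'refer' is appended to the query string as-is here; confirm
        // get_page_location_uri() URL-encodes its second argument, otherwise
        // rawurlencode($refer) is needed to keep '&' / '#' from splitting the URL.
        $r_refer = 'refer=' . $refer;
    } else {
        $r_page = $page;
        $r_refer = '';
    }
    Utility::redirect(get_page_location_uri($r_page, $r_refer));
    exit;
}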
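/**
 * Action handler for the "pcomment" plugin: validates and stores a posted comment.
 *
 * @return array  empty array when nothing was posted, a blank msg/body pair for
 *                spam, the insert result on an edit collision; otherwise redirects
 */
function plugin_pcomment_action()
{
    global $vars, $_string;

    // Deny with an explicit 403 like the other write actions do.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }

    // empty() already covers the "not set" case.
    if (empty($vars['msg'])) {
        return array();
    }

    // Spam check on the message field: log and silently do nothing.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => '');
    }

    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    // Commenting on a page that does not exist yet counts as creating a page.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    $retval = plugin_pcomment_insert();
    if (!empty($retval['collided'])) {
        $vars['page'] = $refer;
        return $retval;
    }

    // Jump to the new comment's anchor; the id is escaped before it reaches the URL.
    $hash = isset($vars['reply']) ? '#pcmt' . Utility::htmlsc($vars['reply']) : '';
    Utility::redirect(get_page_location_uri($refer) . $hash);
}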
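/**
 * Action handler for the "comment" plugin.
 *
 * Applies the read-only and create-page role gates and delegates to
 * plugin_comment_write().
 *
 * @return array  result of plugin_comment_write()
 */
function plugin_comment_action()
{
    global $vars, $post, $_comment_messages;

    // Same helper and status code as the other write actions (the original mixed
    // legacy die_message() with Utility::dieMessage()).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_READONLY'), '', 403);
    }

    // 'refer' may be absent from the request; treat that as a non-existent page.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    return plugin_comment_write();
}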
/**
 * Inline "role" plugin.
 *
 * With fewer than two arguments it lists the roles for the current level;
 * otherwise the last argument is rendered only when the current user does
 * NOT satisfy the role named by the first argument. Intermediate arguments
 * are ignored. Returns '' for role level 0.
 *
 * @return string  rendered HTML or ''
 */
function plugin_role_convert()
{
    global $_role_msg;

    $level = Auth::get_role_level();
    if ($level == 0) {
        return '';
    }

    $params = func_get_args();
    $count = count($params);
    if ($count < 2) {
        return role_list($level);
    }

    $required = $params[0];
    $text = $params[$count - 1];

    // Users who pass the role check get nothing; everyone else sees the message.
    if (Auth::is_check_role($required)) {
        return '';
    }
    return RendererFactory::factory(str_replace("\r", "\n", $text));
}
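/**
 * Action handler for the "guiedit" plugin (WYSIWYG editor).
 *
 * Performs the role / editability gates, dispatches sub-actions
 * (edit, template, preview, write, cancel) and otherwise renders the editor
 * with the current page source (or a single section when 'id' is given).
 *
 * @return array  msg/body pair
 */
function plugin_guiedit_action()
{
    global $vars, $load_template_func;
    global $menubar, $sidebar, $topicpath, $_string;

    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // When PKWK_READONLY is set to "authenticated users only", anyone above that
    // role level is still denied.
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }

    $page = isset($vars['page']) ? $vars['page'] : '';
    $wiki = Factory::Wiki($page);
    if (!$wiki->isEditable()) {
        Utility::dieMessage('You have not permission to edit this page.', '', 403);
    }
    if (!is_page($page) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    // The rich editor is used unless plain text was posted back.
    global $guiedit_use_fck;
    $guiedit_use_fck = !isset($vars['text']);
    if ($guiedit_use_fck) {
        global $guiedit_pkwk_root;
        $guiedit_pkwk_root = get_baseuri('abs');
    }
    if (GUIEDIT_FULL_SIZE) {
        $menubar = $sidebar = '';
        $topicpath = false;
    }

    // Sub-action dispatch; each branch returns.
    if (isset($vars['edit'])) {
        return plugin_guiedit_edit_data($page);
    }
    if ($load_template_func && isset($vars['template'])) {
        return plugin_guiedit_template();
    }
    if (isset($vars['preview'])) {
        return plugin_guiedit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_guiedit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_guiedit_cancel();
    }

    $postdata = $vars['original'] = $wiki->get(true);
    if (isset($vars['text'])) {
        if (!empty($vars['id'])) {
            exist_plugin('edit');
            // The original passed an undefined $source here; plugin_edit_action()
            // obtains it from $wiki->get() before calling plugin_edit_parts().
            $source = $wiki->get();
            $postdata = plugin_edit_parts($vars['id'], $source);
            if ($postdata === FALSE) {
                // Section not found: fall back to the whole page.
                unset($vars['id']);
                $postdata = $vars['original'];
            }
        }
        if ($postdata == '') {
            $postdata = $wiki->auto_template();
        }
    }

    return array('msg' => 'GUI Edit', 'body' => plugin_guiedit_edit_form($page, $postdata));
}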
/**
 * Decide whether a suckerfish menu entry is shown for the current request.
 *
 * Each keyword is gated on the page being a real, displayed page and on the
 * caller's role / freeze state; unknown keywords are always shown.
 *
 * @param string $name  menu keyword
 * @return array  the rendered entry from _suckerfish(), or an empty array when hidden
 */
function plugin_suckerfish_keyword($name)
{
    global $do_backup, $trackback, $referer;
    global $function_freeze;
    global $vars;

    $page_shown = isset($vars['page']) && is_page($vars['page']);
    $readonly   = Auth::check_role('readonly');
    $safemode   = Auth::check_role('safemode');
    $no_create  = Auth::is_check_role(PKWK_CREATE_PAGE);

    switch ($name) {
        case 'freeze':
            if ($readonly || !$page_shown || !$function_freeze) {
                return array();
            }
            // Offer the opposite of the page's current freeze state.
            return _suckerfish(is_freeze($vars['page']) ? 'unfreeze' : 'freeze');

        case 'upload':
            if ($readonly || !$page_shown) {
                return array();
            }
            if ($function_freeze && is_freeze($vars['page'])) {
                return array();
            }
            return (bool) ini_get('file_uploads') ? _suckerfish($name) : array();

        case 'filelist':
            return arg_check('list') ? _suckerfish($name) : array();

        case 'backup':
            return $do_backup ? _suckerfish($name) : array();

        case 'referer':
            return $referer ? _suckerfish($name) : array();

        case 'rss':
        case 'mixirss':
            return _suckerfish($name);

        case 'diff':
            return ($page_shown && !$safemode) ? _suckerfish($name) : array();

        case 'edit':
        case 'guiedit':
            if (!$page_shown || $readonly) {
                return array();
            }
            if ($function_freeze && is_freeze($vars['page'])) {
                return array();
            }
            return _suckerfish($name);

        // The original expressed the next three groups as cascading fallthrough:
        // new/newsub additionally require create permission, rename/copy require
        // a writable wiki, and all of them require a displayed page.
        case 'new':
        case 'newsub':
            return (!$no_create && !$readonly && $page_shown) ? _suckerfish($name) : array();

        case 'rename':
        case 'copy':
            return (!$readonly && $page_shown) ? _suckerfish($name) : array();

        case 'reload':
        case 'print':
        case 'full':
            return $page_shown ? _suckerfish($name) : array();

        default:
            return _suckerfish($name);
    }
}
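/**
 * Action handler for the "edit" plugin.
 *
 * Applies the editability / role gates, dispatches realview, preview,
 * template, write and cancel, and otherwise renders the edit form for the
 * whole page or for one section ('id').
 *
 * @return array  msg/body pair
 */
function plugin_edit_action()
{
    global $vars, $load_template_func, $_string, $_edit_msg;

    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        return array('msg' => $_edit_msg['msg_edit'], 'body' => $_edit_msg['err_empty_page']);
    }

    $wiki = Factory::Wiki($page);
    // Utility::dieMessage() takes (message, title, status); the original passed the
    // status code in the title slot in several calls below.
    if (!$wiki->isEditable(true)) {
        Utility::dieMessage($_string['err_empty_page'], '', 403);
    }
    if (Auth::check_role('readonly')) {
        // error_prohibit is a format string; the original emitted it unformatted here.
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }

    if (isset($vars['realview'])) {
        return plugin_edit_realview();
    }

    // Creating a page that does not exist yet is a separate permission.
    if (!$wiki->has() && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    if (preg_match($wiki::INVALIED_PAGENAME_PATTERN, $page)) {
        Utility::dieMessage($_string['illegal_chars']);
    }

    // Sub-action dispatch; each branch returns.
    if (isset($vars['preview']) || ($load_template_func && isset($vars['template']))) {
        return plugin_edit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_edit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_edit_cancel();
    }

    $postdata = $vars['original'] = $wiki->get(true);
    Auth::is_role_page($postdata);

    if (!empty($vars['id'])) {
        // Edit a single section; fall back to the whole page when it is not found.
        $source = $wiki->get();
        $postdata = plugin_edit_parts($vars['id'], $source);
        if ($postdata === FALSE) {
            unset($vars['id']);
            $postdata = $vars['original'];
        }
    }

    if (empty($postdata)) {
        // New page: refuse names whose encoded filename would be too long for the
        // filesystem (see PukiWiki dev BugTrack on overly long page names).
        $filename_max_length = 250;
        $filename = Utility::encode($page) . '.txt';
        $filename_length = strlen($filename);
        if ($filename_length > $filename_max_length) {
            return array(
                'msg' => $_edit_msg['title_edit'],
                'body' => join("\n", array(
                    '<p class="alert alert-warning"><span class="fa fa-exclamation-triangle"></span>' . $_edit_msg['err_long'],
                    '</p>',
                    '<dl class="dl-horizontal">',
                    '<dt>Page name</dt>',
                    '<dd>' . Utility::htmlsc($page) . '</dd>',
                    '<dt>Filename</dt>',
                    '<dd>' . Utility::htmlsc($filename) . '</dd>',
                    '<dt>Filename length</dt>',
                    '<dd>' . $filename_length . '</dd>',
                    '<dt>Filename limit</dt>',
                    '<dd>' . $filename_max_length . '</dd>',
                    '</dl>',
                )),
            );
        }
        $postdata = $wiki->auto_template();
    }

    return array(
        'msg' => sprintf($_edit_msg['title_edit'], $page),
        'body' => Utility::editForm($page, $postdata),
    );
}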
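/**
 * Write the page body.
 *
 * Runs the role, encoding-hint, anti-spam and edit-collision checks, stores
 * the line diff, then saves the page (or deletes it when $str is empty) and
 * updates the recent list, backup, update log and weblogUpdates ping.
 *
 * @param string|array $str            new page source (an array is joined with "\n")
 * @param boolean      $keeptimestamp  when TRUE the page timestamp is left untouched
 * @return array|void  msg/body pair when an edit collision was detected, otherwise nothing
 */
public function set($str, $keeptimestamp = false)
{
    global $use_spam_check, $_string, $vars, $_title, $whatsnew, $whatsdeleted;

    // Role checks: read-only silently does nothing, a create-page restriction is fatal.
    if (Auth::check_role('readonly')) {
        return;
    }
    // NOTE(review): this denies every write, not only new pages, when PKWK_CREATE_PAGE
    // applies; plugin_edit_action() only checks it for pages that do not exist yet.
    // The original referenced an undefined $_strings and named the wrong constant.
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    // Cheap spam/encoding check: a mismatching encode_hint means a broken or forged encoding.
    if (isset($vars['encode_hint']) && $vars['encode_hint'] !== PKWK_ENCODING_HINT) {
        Utility::dump();
        Utility::dieMessage($_string['illegal_chars'], '', 403);
    }

    // Guard against callers passing an array of lines.
    if (is_array($str)) {
        $str = join("\n", $str);
    }

    // Normalise the input (string) and fetch the previous revision.
    $postdata = Rules::make_str_rules($str);
    $oldpostdata = self::has() ? self::get(TRUE) : '';

    // The diff is also what the URI blacklist check inspects.
    $diff = new Diff($oldpostdata, $postdata);
    $diffobj = new LineDiff();
    $diffdata = $diffobj->str_compare($oldpostdata, $postdata);

    // Anti-spam checks apply only to users who are not content admins.
    $has_not_permission = Auth::check_role('role_contents_admin');
    if ($has_not_permission) {
        $ip_filter = new IpFilter();

        if (Utility::isSpamPost()) {
            Utility::dump();
            Utility::dieMessage("Writing was limited. \n(Blocking SPAM)");
        }

        // DNSBL check of the client address.
        if (isset($use_spam_check['page_remote_addr']) && $use_spam_check['page_remote_addr'] !== 0) {
            $listed = $ip_filter->checkHost();
            if ($listed !== false) {
                Utility::dump('dnsbl');
                Utility::dieMessage(sprintf($_string['prohibit_dnsbl'], $listed), $_title['prohibit'], 400);
            }
        }

        // URIBL check of the added content.
        if (isset($use_spam_check['page_contents']) && $use_spam_check['page_contents'] !== 0) {
            $reason = self::checkUriBl($diff);
            if ($reason !== false) {
                Utility::dump($reason);
                Utility::dieMessage($_string['prohibit_uribl'], $_title['prohibit'], 400);
            }
        }

        // Anonymous proxy check (guarded with isset like the other switches).
        if (!empty($use_spam_check['page_write_proxy']) && ProxyChecker::is_proxy()) {
            Utility::dump('proxy');
            Utility::dieMessage($_string['prohibit_proxy'], $_title['prohibit'], 400);
        }

        // Akismet
        global $akismet_api_key;
        if (isset($use_spam_check['akismet']) && $use_spam_check['akismet'] !== 0 && !empty($akismet_api_key)) {
            $akismet = new Akismet($akismet_api_key, Router::get_script_absuri());
            if ($akismet->verifyKey($akismet_api_key)) {
                $akismet_post = array(
                    'user_ip'         => REMOTE_ADDR,
                    'user_agent'      => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
                    'comment_type'    => 'comment',
                    'comment_author'  => isset($vars['name']) ? $vars['name'] : 'Anonymous',
                    'comment_content' => $postdata,
                );
                if ($akismet->isSpam($akismet_post)) {
                    Utility::dump('akismet');
                    Utility::dieMessage($_string['prohibit_akismet'], $_title['prohibit'], 400);
                }
            } else {
                Utility::dieMessage('Akismet API key does not valied.', '', 500);
            }
        }

        // CAPTCHA
        if (isset($use_spam_check['captcha']) && $use_spam_check['captcha'] !== 0) {
            Captcha::check(false);
        }
    }

    // Edit-collision detection: the digest the client started from must still match
    // the current page. If the client also sent its original text, show the merge
    // screen instead of writing.
    $old_digest = $this->wiki->has() ? $this->wiki->digest() : 0;
    $collided = isset($vars['digest']) && $old_digest !== 0 && $vars['digest'] !== $old_digest;
    if ($collided && isset($vars['original'])) {
        return array(
            'msg' => $_string['title_collided'],
            'body' => $_string['msg_collided']
                . Utility::showCollision($oldpostdata, $postdata, $vars['original'])
                . Utility::editForm($this->page, $postdata, false),
        );
    }

    FileFactory::Diff($this->page)->set($diffdata);
    unset($oldpostdata, $diff, $diffdata);

    // Logging postdata (Plus!)
    if (self::POST_LOGGING === TRUE) {
        Utility::dump(self::POST_LOG_FILENAME);
    }

    // An empty submission deletes the page. NOTE(review): empty() also treats the
    // single character "0" as empty, so a page whose whole body is "0" is deleted.
    if (empty($str)) {
        $this->wiki->set('');
        Recent::set($this->page, true);
    } else {
        $this->wiki->set($postdata, $keeptimestamp);
        Recent::set($this->page);
    }

    // Skip backup / update log / ping for the RecentChanges and RecentDeleted pages
    // and for hidden pages. The original joined these tests with `||`, which is a
    // tautology (a page cannot equal both names), so the block always ran.
    if ($this->page !== $whatsnew && $this->page !== $whatsdeleted && !$this->isHidden()) {
        Factory::Backup($this->page)->set();
        LogFactory::factory('update', $this->page)->set();
        if (!$keeptimestamp && !empty($str)) {
            $ping = new Ping($this->page);
            $ping->send();
        }
    }

    // Collision without the client's original text: write happened, just warn.
    if ($collided) {
        return array('msg' => $_string['title_collided'], 'body' => $_string['msg_collided_auto']);
    }
}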
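/**
 * Action handler for the "amazon" plugin: creates a review page for an item.
 *
 * Looks the item up via amazon_ecs, builds the review page body from the
 * tracker template page and redirects to the editor for the new page.
 *
 * @return array  msg/body pair for the review form or an error (no return after redirects)
 */
function plugin_amazon_action()
{
    global $vars;
    global $_amazon_msg, $_string;
    global $_title;

    if (empty($vars['itemid'])) {
        return array('msg' => $_amazon_msg['msg_ReviewEdit'], 'body' => amazon_make_review_page());
    }
    $itemid = Utility::htmlsc($vars['itemid']);

    // Role gates, using the same helper and status code as the other write actions.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['prohibit'], '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage($_amazon_msg['err_newpage'], '', 403);
    }
    // The referring page must exist and be readable by the caller.
    if (empty($vars['refer']) || !check_readable($vars['refer'], false, false)) {
        Utility::dieMessage($_string['prohibit'], '', 403);
    }

    $locale = empty($vars['locale']) ? 'jp' : Utility::htmlsc($vars['locale']);
    $obj = new amazon_ecs($itemid, $locale);
    if (!$obj->is_itemid) {
        return array('msg' => $_amazon_msg['err_code_set'], 'body' => amazon_make_review_page());
    }
    $obj->get_items();
    if (empty($obj->asin)) {
        Utility::dieMessage($_amazon_msg['err_not_found'], '', 404);
    }

    // The review page is always named after the canonical ASIN, not the submitted id.
    $s_page = $vars['refer'];
    $r_page = $s_page . '/' . $obj->asin;
    $wiki = Factory::Wiki($r_page);
    $wiki->checkEditable(true);

    if (!empty($obj->items['Error'])) {
        $obj->rm_cache(array('xml' => true, 'img' => true));
        // NOTE(review): the error text comes from the remote API response and is
        // returned as the page body unescaped; confirm the caller escapes it.
        return array('msg' => 'Error', 'body' => $obj->items['Error']);
    }
    if (empty($obj->items['title']) || preg_match('/^\\//', $s_page)) {
        Utility::redirect(Router::get_page_uri($s_page));
        // The original fell through and still created the page after the redirect;
        // plugin_newpage_action() shows redirect() does not terminate the request.
        exit;
    }

    // Fill the review template from the tracker page.
    $body = Factory::Wiki(PLUGIN_AMAZON_TRACKER_PAGE_NAME)->get(true);
    $body = str_replace('$1', $obj->asin, $body);
    $body = str_replace('$2', $obj->locale, $body);
    $body = str_replace('[title]', $obj->items['title'], $body);
    $body = str_replace('[asin]', $obj->asin, $body);
    $author = $obj->items['author'];
    if (empty($author)) {
        $author = $obj->items['manufact'];
    }
    $body = str_replace('[author]', $author, $body);
    $body = str_replace('[group]', $obj->items['group'], $body);
    $auth_key = Auth::get_user_name();
    $name = empty($auth_key['nick']) ? $_amazon_msg['msg_myname'] : $auth_key['nick'];
    $body = str_replace('[critic]', '[[' . $name . ']]', $body);
    $body = str_replace('[date]', '&date;', $body);
    $body = str_replace('[recommendation]', '[[' . $_amazon_msg['msg_this_edit'] . ']]', $body);
    $body = str_replace('[body]', '[[' . $_amazon_msg['msg_this_edit'] . ']]', $body);

    $wiki->set($body);
    Utility::redirect($wiki->uri('edit'));
    exit;
}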
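/**
 * Action handler for the "bugtrack" plugin: validates and writes a submitted ticket.
 *
 * @return array|false  FALSE when the request is not a submit, a msg/body pair
 *                      when the submission is rejected; otherwise redirects
 */
function plugin_bugtrack_action()
{
    global $vars;
    global $_plugin_bugtrack, $_string;

    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['prohibit'], '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(str_replace('PKWK_CREATE_PAGE', 'PKWK_READONLY', $_string['prohibit']), '', 403);
    }

    if (!isset($vars['mode']) || $vars['mode'] !== 'submit') {
        return FALSE;
    }

    // Validate the foreign values (by miko). Compare as strings with strict
    // in_array() so PHP type juggling (e.g. "abc" == 0) cannot bypass the whitelist.
    $priority = isset($vars['priority']) ? (string) $vars['priority'] : '';
    $state = isset($vars['state']) ? (string) $vars['state'] : '';
    $allowed_priority = array_map('strval', (array) $_plugin_bugtrack['priority_list']);
    $allowed_state = array_map('strval', (array) $_plugin_bugtrack['state_list']);
    $spam = !in_array($priority, $allowed_priority, true) || !in_array($state, $allowed_state, true);
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // Missing fields become '' instead of raising undefined-index notices.
    $fields = array();
    foreach (array('base', 'pagename', 'summary', 'name', 'priority', 'state', 'category', 'version', 'body') as $key) {
        $fields[$key] = isset($vars[$key]) ? $vars[$key] : '';
    }

    $page = plugin_bugtrack_write(
        $fields['base'],
        $fields['pagename'],
        $fields['summary'],
        $fields['name'],
        $fields['priority'],
        $fields['state'],
        $fields['category'],
        $fields['version'],
        $fields['body']
    );
    Utility::redirect(get_page_location_uri($page));
    exit;
}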
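/**
 * Action handler for the "newpage_subdir" plugin.
 *
 * Without a page name it renders the directory picker; with one it redirects
 * to the editor for "<directory><page>".
 *
 * @return array  msg/body pair for the picker (no return after the redirect)
 */
function plugin_newpage_subdir_action()
{
    // $_string was read without a global declaration in the original, so the
    // prohibit message was always empty.
    global $vars, $_string;

    // Deny like plugin_newpage_action() does; the original returned a bare string
    // where the dispatcher expects a msg/body array.
    if (Auth::check_role('readonly') || Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'Readonly'), '', 403);
    }

    $roots = array();
    $page = empty($vars['page']) ? '' : $vars['page'];
    $dir = empty($vars['directory']) ? '' : strip_bracket($vars['directory']);

    if (empty($page)) {
        if (!empty($dir)) {
            // Drop a trailing slash before building the directory list.
            $roots[] = (substr($dir, -1) == '/') ? substr($dir, 0, -1) : $dir;
        }
        return array(
            'msg' => sprintf(T_('Create new page to %s directory'), $dir),
            'body' => print_form_string(build_directory_list($roots)),
        );
    }

    Utility::redirect(Factory::Wiki($dir . $page)->uri('edit'));
    exit;
}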
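/**
 * Action handler for the "dav" plugin: a minimal WebDAV front-end over the
 * attach plugin (attachments as files, pages as collections).
 *
 * Dispatches on the HTTP method: OPTIONS, PROPFIND, GET/HEAD, PUT, DELETE,
 * MOVE/COPY, MKCOL, PROPPATCH; LOCK/UNLOCK/POST answer 501 and anything else 405.
 * Every branch terminates the request.
 *
 * @return void
 */
function plugin_dav_action()
{
    global $scriptname, $log_ua, $attach_link;

    if (!exist_plugin('attach')) {
        dav_error_exit(500, 'attach plugin not found.');
    }
    $scriptname = SCRIPT_NAME;

    header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');

    $req_headers = apache_request_headers();
    $path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';

    switch ($_SERVER['REQUEST_METHOD']) {
    case 'OPTIONS':
        header('DAV: 1');
        // LOCK/UNLOCK are advertised for client compatibility but answer 501 below.
        header('Allow: OPTIONS,PROPFIND,GET,PUT,MOVE,COPY,LOCK,UNLOCK');
        header('MS-Author-Via: DAV');
        exit;

    case 'PROPFIND':
        // Require authentication when attachments are password protected or admin-only.
        if (!$attach_link || Auth::is_protect() || PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            $is_admin = (bool) PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY; // whether the admin password is accepted
            $login = Auth::check_auth_pw();
            if (empty($login)) {
                dav_error_exit(401, $is_admin); // not authenticated: challenge
            }
            if (dav_login($is_admin) === false || Auth::is_protect()) {
                dav_error_exit(403);
            }
        }
        if (empty($path_info)) {
            dav_error_exit(301, NULL, dav_myurl1() . '/');
        }
        $depth = isset($req_headers['Depth']) ? $req_headers['Depth'] : 0;
        list($dir, $file) = dav_get_folder_info($path_info, $depth);
        if (!isset($dir)) {
            dav_error_exit(404);
        }
        $ret = dav_makemultistat($dir, $file, $_SERVER['REQUEST_URI'], $depth);
        if (!isset($ret)) {
            dav_error_exit(301, NULL, dav_myurl() . '/');
        }
        header('HTTP/1.1 207 Multi-Status');
        header('Content-Type: text/xml');
        echo $ret->saveXML();
        exit;

    case 'GET':
    case 'HEAD':
        // Ordinary file downloads arrive here.
        $obj = dav_getfileobj($path_info, true);
        if (isset($obj) && $obj->exists) {
            $obj->open();
        } elseif ($_SERVER['REQUEST_METHOD'] == 'GET' && empty($path_info) && strpos($log_ua, 'MSIE') > 0) {
            dav_officious_message();
            exit;
        } else {
            dav_error_exit(404);
        }
        exit;

    case 'PUT':
        if (Auth::check_role('readonly')) {
            dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                dav_error_exit(403);
            }
        }

        $declared_size = isset($req_headers['Content-Length']) ? intval($req_headers['Content-Length']) : 0;
        // Windows 7 clients first PUT a 0-byte file, LOCK it and then overwrite it.
        // PukiWiki forbids overwriting, so a 0-byte PUT is simply ignored.
        if ($declared_size == 0) {
            exit;
        }
        if ($declared_size > PLUGIN_ATTACH_MAX_FILESIZE) {
            dav_error_exit(403, 'file size error');
        }

        // Spool the body to a temp file. Content-Length is client-supplied, so the
        // size limit is enforced again on the bytes actually received (the original
        // only checked the header). The loop also no longer stops early on a chunk
        // that happens to be the string "0".
        $tmpfilename = tempnam(sys_get_temp_dir(), 'dav');
        if ($tmpfilename === false) {
            dav_error_exit(500);
        }
        $fp = fopen($tmpfilename, 'wb');
        $putdata = fopen('php://input', 'rb');
        if ($fp === false || $putdata === false) {
            @unlink($tmpfilename);
            dav_error_exit(500);
        }
        $size = 0;
        while (($data = fread($putdata, 8192)) !== false && $data !== '') {
            $size += strlen($data);
            if ($size > PLUGIN_ATTACH_MAX_FILESIZE) {
                fclose($putdata);
                fclose($fp);
                @unlink($tmpfilename);
                dav_error_exit(403, 'file size error');
            }
            fwrite($fp, $data);
        }
        fclose($putdata);
        fclose($fp);

        list($_page, $_filename) = dav_get_filename($path_info);

        // FIXME - renaming the file server-side confuses DAV clients.
        if (PLUGIN_DAV_MUST_COMPRESS) {
            $type = Utility::getMimeInfo($tmpfilename);
            $must_compress = attach_is_compress($type, PLUGIN_ATTACH_UNKNOWN_COMPRESS);
        } else {
            $must_compress = false;
        }

        $obj = dav_getfileobj($path_info, false, $must_compress);
        if (!is_object($obj)) {
            @unlink($tmpfilename);
            dav_error_exit(403, 'no page');
        }
        // NOTE(review): GET/HEAD tests $obj->exists while PUT and MOVE test
        // $obj->exist; one of the two property names is likely a typo that would
        // disable this overwrite check. Confirm against dav_getfileobj().
        if ($obj->exist) {
            @unlink($tmpfilename);
            dav_error_exit(403, 'already exist.');
        }

        $ext = $must_compress ? dav_attach_get_ext() : '';
        switch ($ext) {
        case '.tgz':
            $tar = new tarlib();
            $tar->create(CACHE_DIR, 'tgz') or dav_error_exit(500);
            $tar->add_file($tmpfilename, $_filename);
            $tar->close();
            @rename($tar->filename, $obj->filename);
            chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            @unlink($tar->filename);
            @unlink($tmpfilename);
            break;
        case '.gz':
            $tp = fopen($tmpfilename, 'rb') or dav_error_exit(500); // cannot read the upload
            $zp = gzopen($obj->filename, 'wb') or dav_error_exit(500); // cannot write the archive
            while (!feof($tp)) {
                gzwrite($zp, fread($tp, 8192));
            }
            gzclose($zp);
            fclose($tp);
            chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            @unlink($tmpfilename);
            break;
        case '.bz2':
            $tp = fopen($tmpfilename, 'rb') or dav_error_exit(500); // cannot read the upload
            $zp = bzopen($obj->filename, 'wb') or dav_error_exit(500); // cannot write the archive
            while (!feof($tp)) {
                bzwrite($zp, fread($tp, 8192));
            }
            bzclose($zp);
            fclose($tp);
            chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            @unlink($tmpfilename);
            break;
        case '.zip':
            $zip = new ZipArchive();
            // The original never open()ed the archive, so addFile() could not succeed.
            if ($zip->open($obj->filename, ZipArchive::CREATE) !== TRUE) {
                @unlink($tmpfilename);
                dav_error_exit(500);
            }
            $zip->addFile($tmpfilename, $_filename);
            if ($zip->status !== 0) {
                @unlink($tmpfilename);
                dav_error_exit(500);
            }
            $zip->close();
            chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            @unlink($tmpfilename);
            break;
        default:
            if (copy($tmpfilename, $obj->filename)) {
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            }
            @unlink($tmpfilename);
        }

        if (is_page($obj->page)) {
            touch(get_filename($obj->page));
        }
        cache_timestamp_touch('attach');

        // The attach plugin stores the upload password as an md5 digest; the same
        // scheme is kept here so its own verification keeps working.
        $pass = dav_get_pass();
        $obj->getstatus();
        $obj->status['pass'] = ($pass !== TRUE && $pass !== NULL) ? md5($pass) : '';
        $obj->putstatus();
        // FIXME - clients cannot follow the filename change done for $must_compress.
        exit;

    case 'DELETE':
        if (Auth::check_role('readonly')) {
            dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        // Windows clients treat a failed folder delete as success anyway, and a
        // trailing slash addresses a page (collection), which is not deletable here.
        if (substr($path_info, -1) === '/') {
            dav_error_exit(501);
        }
        if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
            if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                dav_error_exit(403);
            }
        }
        $obj = dav_getfileobj($path_info, false);
        if (!is_object($obj)) {
            dav_error_exit(403);
        }
        if ($obj->getstatus() == FALSE) {
            dav_error_exit(404);
        }
        $pass = dav_get_pass();
        $obj->delete($pass);
        if (file_exists($obj->filename)) {
            dav_error_exit(406, "can't delete this file");
        }
        cache_timestamp_touch('attach');
        exit;

    case 'MOVE':
    case 'COPY':
        // Only attachments are copied/moved (as a copy plus delete); page moves are
        // limited to the PLUGIN_DAV_CREATE_PAGE rename below.
        if (Auth::check_role('readonly')) {
            dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY || PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
            if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                dav_error_exit(403);
            }
        }

        // Destination must point back into this script's DAV namespace.
        $destname = isset($req_headers['Destination']) ? $req_headers['Destination'] : '';
        if (strpos($destname, dav_myurl0()) === 0) {
            $destname = substr($destname, strlen(dav_myurl0()));
        }
        if (strpos($destname, $scriptname) === 0) {
            $destname = urldecode(substr($destname, strlen($scriptname)));
        } else {
            dav_error_exit(403, 'not dav directory.');
        }

        // Page rename: allowed only for an existing page with no attachments.
        // FIXME - sub-pages and related files are not renamed along with it.
        if (PLUGIN_DAV_CREATE_PAGE && $_SERVER['REQUEST_METHOD'] == 'MOVE') {
            $from = dav_strip_slash($path_info);
            if (is_page($from)) {
                $pages = dav_get_existpages_cache();
                if (isset($pages[$from]['file']) && count($pages[$from]['file']) == 0) {
                    $to = dav_strip_slash($destname);
                    if (isset($pages[$to])) {
                        dav_error_exit(409); // Conflict
                    }
                    // Validate the client-supplied target name the same way MKCOL does.
                    if (!Factory::Wiki($to)->isValied()) {
                        dav_error_exit(403);
                    }
                    rename(get_filename($from), get_filename($to));
                    cache_timestamp_touch();
                } else {
                    dav_error_exit(501); // Not Implemented
                }
                exit;
            }
        }

        // Source: opened read-only for COPY, writable for MOVE.
        if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
            $obj1 = dav_getfileobj($path_info, false);
        } else {
            $obj1 = dav_getfileobj($path_info, true);
        }
        if (!is_object($obj1)) {
            dav_error_exit(403, 'no src page.');
        }
        if ($obj1->getstatus() == FALSE) {
            dav_error_exit(404);
        }

        // Destination must not exist yet.
        $obj2 = dav_getfileobj($destname, false);
        if (!is_object($obj2)) {
            dav_error_exit(403, 'no dst page.');
        }
        if ($obj2->exist) {
            dav_error_exit(409); // Conflict - already exists
        }

        if (copy($obj1->filename, $obj2->filename)) {
            chmod($obj2->filename, PLUGIN_ATTACH_FILE_MODE);
        } else {
            dav_error_exit(406, "can't copy it");
        }

        $pass = dav_get_pass();
        if (is_page($obj2->page)) {
            touch(get_filename($obj2->page));
        }
        $obj2->getstatus();
        $obj2->status['pass'] = ($pass !== TRUE && $pass !== NULL) ? md5($pass) : '';
        $obj2->putstatus();

        // MOVE = COPY followed by DELETE of the source.
        if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
            $obj1->delete($pass);
            if (file_exists($obj1->filename)) {
                dav_error_exit(406, "can't delete this file");
            }
        }
        cache_timestamp_touch('attach');
        exit;

    case 'MKCOL':
        // Of limited use: Microsoft-WebDAV-MiniRedir first creates "New Folder".
        if (!PLUGIN_DAV_CREATE_PAGE) {
            dav_error_exit(403);
        }
        if (Auth::check_role('readonly')) {
            dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
            dav_error_exit(403, 'PKWK_CREATE_PAGE prohibits editing');
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY || PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
            if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                dav_error_exit(403);
            }
        }
        // Windows clients sometimes omit the trailing slash.
        if (substr($path_info, -1) !== '/') {
            $path_info .= '/';
        }
        if (preg_match('/^\\/(.+)\\/$/', $path_info, $matches) != 1) {
            dav_error_exit(403);
        }
        $page = dav_strip_slash($path_info);
        $wiki = Factory::Wiki($page);
        if (!$wiki->isValied()) {
            dav_error_exit(403);
        }
        $wiki->set(PLUGIN_DAV_FOLODER_PAGE_BODY); // write the initial page body
        cache_timestamp_touch();

        // Answer like PROPFIND so the client displays the new folder.
        $depth = '1';
        list($dir, $file) = dav_get_folder_info($path_info, $depth);
        if (!isset($dir)) {
            dav_error_exit(404);
        }
        $ret = dav_makemultistat($dir, $file, $_SERVER['REQUEST_URI'], $depth);
        if (!isset($ret)) {
            dav_error_exit(301, NULL, dav_myurl() . '/');
        }
        header('HTTP/1.1 200 OK');
        header('Content-Type: text/xml');
        echo $ret->saveXML();
        exit;

    case 'PROPPATCH':
        // Needed because clients delete the file when PROPPATCH fails.
        header('HTTP/1.1 207 Multi-Status');
        header('Content-Type: text/xml');
        $ret = dav_proppatch_dummy_response($_SERVER['REQUEST_URI']);
        echo $ret->saveXML();
        exit;

    case 'LOCK':
    case 'UNLOCK':
    case 'POST':
        dav_error_exit(501); // Not Implemented
        exit;

    default:
        dav_error_exit(405); // Method Not Allowed
    }
    exit;
}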
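/**
 * Build one entry of the "cmd" menu, or nothing when the entry does not apply.
 *
 * @param string      $name  menu keyword ('|' emits a list separator)
 * @param string|null $page  page the links refer to; defaults to the requested page
 * @return string|null  link HTML from plugin_cmd_getlink(), or null when hidden
 */
function plugin_cmd_link($name, $page)
{
    // The original read all of these without declaring them global, so they were
    // always null. The same names are declared as globals in
    // plugin_suckerfish_keyword() and Wiki::set().
    global $vars, $function_freeze, $do_backup, $trackback, $referer, $whatsnew, $whatsdeleted;

    // Fall back to the requested page only when no page was passed. The original
    // condition was `isset($page)`, which replaced a supplied name with $vars['page'].
    if (!isset($page) || $page === '') {
        $page = isset($vars['page']) ? $vars['page'] : '';
    }
    $_page = $page;
    $is_read = is_page($page);
    // NOTE(review): $is_freeze was never assigned in the original; it is derived
    // here the same way plugin_suckerfish_keyword() does it. Confirm.
    $is_freeze = $is_read && $function_freeze && is_freeze($page);
    $is_system_page = ($_page == $whatsnew || $_page == $whatsdeleted);
    $cmd = isset($vars['cmd']) ? $vars['cmd'] : '';

    switch ($name) {
        case 'freeze':
        case 'unfreeze':
            if ($is_read && $function_freeze) {
                return plugin_cmd_getlink($is_freeze ? 'unfreeze' : 'freeze');
            }
            break;

        case 'upload':
            if ($is_read && (bool) ini_get('file_uploads') && !$is_freeze && !$is_system_page) {
                return plugin_cmd_getlink($name);
            }
            break;

        case 'list':
            if ($cmd !== 'list') {
                return plugin_cmd_getlink($name);
            }
            if ((bool) ini_get('file_uploads')) {
                return plugin_cmd_getlink('filelist');
            }
            break;

        case 'backup':
            if ($do_backup) {
                return plugin_cmd_getlink($name);
            }
            break;

        case 'brokenlink':
        case 'template':
        case 'source':
            if (!empty($_page)) {
                return plugin_cmd_getlink($name);
            }
            break;

        case 'trackback':
            if ($trackback && !$is_system_page) {
                $tbcount = tb_count($_page);
                if ($cmd == 'list') {
                    return plugin_cmd_getlink($name, 'Trackback list');
                }
                return plugin_cmd_getlink($name, 'Trackback(' . $tbcount . ')');
            }
            break;

        case 'referer':
        case 'skeylist':
        case 'linklist':
            if ($referer) {
                return plugin_cmd_getlink($name);
            }
            break;

        case 'log_login':
            if (log_exist('login', $page)) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'log_check':
            if (log_exist('check', $page)) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'log_browse':
            // Shown unconditionally (the log_exist('browse') check was commented out).
            return plugin_cmd_getlink($name);
        case 'log_update':
            if (log_exist('update', $page)) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'log_down':
            if (log_exist('download', $page)) {
                return plugin_cmd_getlink($name);
            }
            break;

        case '|':
            return '</ul>' . "\n" . '<ul>';

        case 'newsub':
        case 'edit':
        case 'guiedit':
            // NOTE(review): the original requires $function_freeze to be enabled for
            // the edit links to appear at all; kept as found.
            if ($is_read && $function_freeze && !$is_freeze && !$is_system_page) {
                return plugin_cmd_getlink($name);
            }
            break;

        case 'full':
        case 'print':
        case 'diff':
        case 'reload':
        case 'copy':
            if (!$is_read) {
                break;
            }
            // fall through: shown whenever a real page is displayed
        default:
            return plugin_cmd_getlink($name);
    }
    return null;
}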
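/**
 * Action handler for the "tracker" plugin: creates a new tracker item page.
 *
 * Checks roles and the client/server ticket, picks a free page name, fills the
 * tracker template from the posted fields, and either shows a preview or
 * writes the page and redirects to it.
 *
 * @return array  msg/body pair for previews and errors (no return after the redirects)
 */
function plugin_tracker_action()
{
    global $vars, $now, $config_name, $_string, $session;

    // Plus! code start
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['prohibit'], '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(_('PKWK_CREATE_PAGE prohibits editing'), '', 403);
    }

    $base = isset($vars['_base']) ? $vars['_base'] : null;
    $refer = isset($vars['_refer']) ? $vars['_refer'] : null;
    if (isset($vars['cancel'])) {
        Utility::redirect(Router::get_page_uri($refer));
        // The original fell through and still wrote the page; plugin_newpage_action()
        // shows redirect() does not terminate the request.
        exit;
    }

    // Petit SPAM check (client/server ticket): the form must have been rendered by us.
    if ($session->offsetGet('tracker') !== md5(get_ticket() . $config_name)) {
        honeypot_write();
        return array('msg' => 'Cannot write', 'body' => 'Prohibits editing');
    }
    // Plus! code end

    // Decide the name of the page to add.
    $num = 0;
    $name = isset($vars['_name']) ? $vars['_name'] : null;
    if (isset($vars['_page'])) {
        $real = $page = $vars['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Find the first unused numbered sub-page.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    $config = isset($vars['_config']) ? $vars['_config'] : null;

    // Posted values plus uploads, with the computed defaults.
    $_post = isset($_FILES) ? array_merge($vars, $_FILES) : $vars;
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;

    $from = $to = array();
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }

    // Load the template page.
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">Page template (' . Utility::htmlsc($template_page) . ') not found</p>');
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : null;
        unset($fields[$field]);
    }

    // Replace every [$field] in the template with its formatted value, escaping
    // the value differently inside table ('|', ':') and CSV (',') rows.
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) === '') {
            continue;
        }
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);

    if (isset($vars['preview'])) {
        global $_button;
        unset($vars['preview']);
        $form = array();
        $form[] = '<p class="alert alert-success">' . T_('It will be sent with the contents of the following.') . '</p>';
        // The original had no space between the action attribute and enctype.
        $form[] = '<form action="' . Router::get_script_uri() . '" enctype="multipart/form-data" method="post" class="form-horizontal plugin-tracker-form">';
        // Echo the request back as hidden fields. Names and values are user input,
        // so they are escaped (the original emitted them raw: reflected XSS).
        // Array values cannot be carried in a single hidden field and are skipped.
        foreach ($vars as $key => $value) {
            if (is_array($value)) {
                continue;
            }
            $form[] = '<input type="hidden" name="' . Utility::htmlsc($key) . '" value="' . Utility::htmlsc((string) $value) . '" />';
        }
        $form[] = '<button type="submit" class="btn btn-primary" name="write" accesskey="s"><span class="fa fa-check"></span>' . $_button['update'] . '</button>';
        $form[] = '<button type="submit" class="btn btn-warning" name="cancel" accesskey="c"><span class="fa fa-ban"></span>' . $_button['cancel'] . '</button>';
        $form[] = '</form>';
        $form[] = '<hr />';
        $form[] = RendererFactory::factory($template);
        return array('msg' => 'Preview', 'body' => join("\n", $form));
    }

    // Write $template as-is.
    $wiki = Factory::Wiki($page);
    $wiki->set($template);
    Utility::redirect($wiki->uri());
    exit;
}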