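/**
 * Build the "create a new page under a directory" form.
 *
 * @param array $list 'directory' => optional list of directory names offered in a
 *                    <select>; 'warning' => optional list of pre-rendered warning
 *                    strings appended after the form (emitted as given, not escaped)
 * @return string HTML, one element per line
 */
function print_form_string($list)
{
    global $vars;

    $form_string = array();
    $form_string[] = '<form action="' . Router::get_script_uri() . '" method="post" class="form-inline">';
    $form_string[] = '<fieldset>';
    $form_string[] = '<legend>' . T_('Page name') . '</legend>';

    // empty() also covers a missing 'directory' key without raising a notice
    if (!empty($list['directory'])) {
        $form_string[] = '<div class="form-group">';
        $form_string[] = '<select name="directory" class="form-control">';
        foreach ($list['directory'] as $dir) {
            $form_string[] = '<option>' . Utility::htmlsc($dir) . '/</option>';
        }
        $form_string[] = '</select>';
        $form_string[] = '</div>';
    }

    $form_string[] = '<input type="hidden" name="cmd" value="newpage_subdir" />';
    if (isset($vars['page'])) {
        // $vars['page'] is request input: escape it like every other value placed in an attribute
        $form_string[] = '<input type="hidden" name="refer" value="' . Utility::htmlsc($vars['page']) . '" />';
    }
    $form_string[] = '<div class="form-group">';
    $form_string[] = '<input type="text" name="page" size="30" value="" class="form-control" />';
    $form_string[] = '</div>';
    $form_string[] = '<input type="submit" class="btn btn-primary" value="' . T_('New') . '" />';
    $form_string[] = '</fieldset>';
    $form_string[] = '</form>';

    if (!empty($list['warning'])) {
        // Warnings are already rendered by the caller and are emitted unchanged
        $form_string[] = '<p>';
        foreach ($list['warning'] as $warning) {
            $form_string[] = $warning;
        }
        $form_string[] = '</p>';
    }

    return join("\n", $form_string);
}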
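/**
 * #csv2newpage(config_name[,upload,start_line_no],field,...) block plugin.
 *
 * Builds a form that posts to the csv2newpage action for the given tracker
 * config. With the 'upload' option the hidden fields are handed to
 * plugin_csv2newpage_showform() instead of emitting the inline form.
 *
 * @return string HTML fragment, or a <p> describing the argument/config error
 */
function plugin_csv2newpage_convert()
{
    global $vars, $_csv2newpage_messages;
    static $numbers = array();

    $page = $vars['page'];
    if (!isset($numbers[$page])) {
        $numbers[$page] = 0;
    }
    // Per-page counter so several blocks on one page are told apart
    $csv2newpage_no = $numbers[$page]++;

    $args = func_get_args();
    if (count($args) == 0) {
        return '<p>no option of config_name</p>';
    }
    // Comes from the page text and is used as a config path component as-is
    $config_name = array_shift($args);

    $upload = 0;
    $start_line_no = '';
    // isset() guards the case where only the config name was given
    if (isset($args[0]) && $args[0] == 'upload') {
        array_shift($args);
        $upload = 1;
        // null when no line number follows 'upload'; the cast keeps the escaping below simple
        $start_line_no = (string) array_shift($args);
    }
    if (count($args) == 0) {
        return '<p>no parameter for CSV fields</p>';
    }

    $config = new Config('plugin/tracker/' . $config_name);
    if (!$config->read()) {
        return "<p>config file '" . Utility::htmlsc($config_name) . "' not found.</p>";
    }
    $config->config_name = $config_name;
    if (!exist_plugin('tracker')) {
        return '<p>The tracker plugin is not found.</p>';
    }
    // The return value was never used; the call is kept in case
    // plugin_tracker_get_fields() has side effects on $config - TODO confirm
    plugin_tracker_get_fields($page, $page, $config);

    $hidden = array(
        '<input type="hidden" name="cmd" value="csv2newpage" />',
        '<input type="hidden" name="_refer" value="' . Utility::htmlsc($page) . '" />',
        '<input type="hidden" name="_config" value="' . Utility::htmlsc($config->config_name) . '" />',
    );

    if ($upload) {
        $form = $hidden;
        $ct = 0;
        foreach ($args as $name) {
            $ct++;
            $form[] = '<input type="hidden" name="csv_field' . $ct . '" value="' . Utility::htmlsc($name) . '" />' . "\n";
        }
        $form[] = '<input type="hidden" name="_upload" value="' . $upload . '" />';
        // Plugin text placed in an attribute: escape it like the other values
        $form[] = '<input type="hidden" name="start_line_no" value="' . Utility::htmlsc($start_line_no) . '" />';
        return plugin_csv2newpage_showform(join("\n", $form));
    }

    $ret = array_merge(
        array('<form action="' . Router::get_script_uri() . '" method="post" class="plugin-csv2newpage-form">'),
        $hidden
    );
    $ret[] = '<input type="hidden" name="_csv2newpage_no" value="' . $csv2newpage_no . '" />';
    $ret[] = Utility::htmlsc($_csv2newpage_messages['title_text']);
    $ret[] = '<input class="btn btn-primary" type="submit" value="' . Utility::htmlsc($_csv2newpage_messages['btn_submit']) . '" />';
    $ret[] = '</form>';
    return join("\n", $ret);
}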
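/**
 * Build the response header array.
 *
 * @param string $content_type MIME type of the body
 * @param int    $modified     last-modified timestamp (usually a filemtime() value);
 *                             0 means the page is generated dynamically and must not be cached
 * @param int    $expire       freshness lifetime in seconds, default one week
 * @return array header name => value
 */
public static function getHeaders($content_type = self::DEFAULT_CONTENT_TYPE, $modified = 0, $expire = 604800)
{
    global $vars;

    // Start from the headers collected so far
    $headers = function_exists('getallheaders') ? getallheaders() : array();
    $headers['Content-Type'] = $content_type;
    $headers['Content-Language'] = substr(str_replace('_', '-', LANG), 0, 2);

    if ($modified !== 0) {
        // Conditional requests (see http://firegoby.jp/archives/1730).
        // HTTP-dates carry the ' GMT' suffix; without it the value is not a valid
        // Last-Modified and a client's If-Modified-Since could never compare equal.
        $last_modified = gmdate('D, d M Y H:i:s', $modified) . ' GMT';
        $etag = md5($last_modified);
        $headers['Cache-Control'] = 'private';
        $headers['Pragma'] = 'cache';
        $headers['Expires'] = gmdate('D, d M Y H:i:s', time() + $expire) . ' GMT';
        $headers['Last-Modified'] = $last_modified;
        $headers['ETag'] = $etag;

        $unchanged_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
            && $_SERVER['HTTP_IF_MODIFIED_SINCE'] === $last_modified;
        // If-None-Match may list several, possibly quoted, tags. A plain substring
        // test is sufficient because the tag is a fixed-length hex digest, and it
        // avoids assembling a regular expression out of data.
        $etag_matches = isset($_SERVER['HTTP_IF_NONE_MATCH'])
            && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $etag) !== false;
        if ($unchanged_since || $etag_matches) {
            self::WriteResponse($headers, Response::STATUS_CODE_304, null);
            exit;
        }
    } else {
        // Dynamically generated pages must not be cached
        $headers['Cache-Control'] = $headers['Pragma'] = 'no-cache';
        $headers['Expires'] = 'Sat, 26 Jul 1997 05:00:00 GMT';
    }

    // RFC2616 Vary (http://sonic64.com/2004-02-06.html)
    $headers['Vary'] = self::getLanguageHeaderVary();
    if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])
        && preg_match('/\\b(gzip|deflate|compress)\\b/i', $_SERVER['HTTP_ACCEPT_ENCODING'])) {
        $headers['Vary'] .= ',Accept-Encoding';
    }

    // HTTP access control (https://developer.mozilla.org/ja/HTTP_Access_Control):
    // no Ajax API is offered to other sites. NOTE(review): the value is the script
    // URI rather than an origin (scheme://host[:port]); browsers will not treat it
    // as matching any origin, which is consistent with the "no cross-site reads"
    // intent - confirm that is what is wanted before changing it.
    $headers['Access-Control-Allow-Origin'] = Router::get_script_uri();
    // Content Security Policy (https://developer.mozilla.org/ja/Security/CSP/Using_Content_Security_Policy)
    //$headers['Content-Security-Policy'] ='default-src \'self\' \'unsafe-inline\' ' . Render::JQUERY_CDN . ' ' . Render::BOOTSTRAP_CDN . '; img-src *;';
    // Disable IE's MIME sniffing (http://msdn.microsoft.com/ja-jp/ie/dd218497.aspx)
    $headers['X-Content-Type-Options'] = 'nosniff';
    // Clickjacking: framing is never allowed (https://developer.mozilla.org/ja/The_X-FRAME-OPTIONS_response_header)
    $headers['X-Frame-Options'] = 'deny';
    // Legacy browser XSS filter hint (http://msdn.microsoft.com/ja-jp/ie/dd218482)
    $headers['X-XSS-Protection'] = '1; mode=block';

    // PingBack endpoint, advertised only when reading a page
    if (isset($vars['cmd']) && $vars['cmd'] === 'read' && isset($vars['page'])) {
        $headers['X-Pingback'] = Router::get_cmd_uri('xmlrpc');
    }

    return $headers;
}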
/**
 * 'unfreeze' action: remove the leading #freeze line from a page.
 *
 * When Auth::check_role('role_contents_admin') reports no restriction the page
 * is unfrozen directly; otherwise a password must be posted in 'pass' and be
 * accepted by Auth::login(), else the password form is shown.
 *
 * @return array 'msg' => page title, 'body' => HTML
 */
function plugin_unfreeze_action()
{
    global $vars, $function_freeze, $_unfreeze_msg;

    $page = isset($vars['page']) ? $vars['page'] : '';
    $wiki = Factory::Wiki($page);
    if (!$function_freeze || !$wiki->isEditable(false, true) || !$wiki->isValied($page)) {
        return array(
            'msg' => $_unfreeze_msg['title_disabled'],
            'body' => '<p class="alert alert-danger">You have no permission to unfreeze this page.</p>',
        );
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;
    $shown_name = Utility::htmlsc(Utility::stripBracket($page));

    if (!$wiki->isFreezed()) {
        // Nothing to do: the page is not frozen
        $msg = str_replace('$1', $shown_name, $_unfreeze_msg['title_isunfreezed']);
        return array('msg' => $msg, 'body' => '<p class="alert alert-info">' . $msg . '</p>');
    }

    $may_unfreeze = !Auth::check_role('role_contents_admin') || ($pass !== NULL && Auth::login($pass));
    if ($may_unfreeze) {
        // BugTrack2/255
        $wiki->checkReadable();
        // Drop the first line (#freeze) and write the page back
        $lines = $wiki->get();
        array_shift($lines);
        $wiki->set($lines);
        if (PLUGIN_UNFREEZE_EDIT) {
            // BugTrack2/255
            $wiki->checkEditable(true);
            $vars['cmd'] = 'edit';
        } else {
            $vars['cmd'] = 'read';
        }
        // The request ends with a redirect to the page, so no body is built here
        Utility::redirect($wiki->uri());
        exit;
    }

    // Ask for the password
    $body = array();
    $body[] = $pass === NULL
        ? ''
        : '<p class="alert alert-danger">' . $_unfreeze_msg['msg_invalidpass'] . '</p>' . "\n";
    $body[] = '<fieldset>';
    $body[] = '<legend>' . $_unfreeze_msg['msg_unfreezing'] . '</legend>';
    $body[] = '<form action="' . Router::get_script_uri() . '" method="post" class="form-inline plugin-freeze-form">';
    $body[] = '<input type="hidden" name="cmd" value="unfreeze" />';
    $body[] = '<input type="hidden" name="page" value="' . Utility::htmlsc($page) . '" />';
    $body[] = '<input type="password" name="pass" size="12" class="form-control" />';
    $body[] = '<button type="submit" class="btn btn-primary" name="ok"><span class="fa fa-lock"></span>' . $_unfreeze_msg['btn_unfreeze'] . '</button>';
    $body[] = '</form>';
    $body[] = '</fieldset>';

    return array('msg' => $_unfreeze_msg['title_unfreeze'], 'body' => join("\n", $body));
}
/**
 * 'search' action.
 *
 * Renders the search form plus, when a word was given, the result list. With
 * format=xml it prints an OpenSearch description document and exits instead.
 *
 * @return array 'msg' => page title, 'body' => HTML
 */
function plugin_search_action()
{
    global $post, $vars;
    global $_search_msg, $_LANG;
    /* if (isset($vars['update_index'])){ PukiWiki\SearchLucene::updateIndex(); return array('msg'=>'done.'); } */

    // With GET access disabled the search word is only accepted from POST data
    if (PLUGIN_SEARCH_DISABLE_GET_ACCESS) {
        $s_word = isset($post['word']) ? htmlsc($post['word']) : '';
    } else {
        $s_word = isset($vars['word']) ? htmlsc($vars['word']) : '';
    }
    // The limit is applied to the escaped word, so entities count towards it
    if (strlen($s_word) > PLUGIN_SEARCH_MAX_LENGTH) {
        unset($vars['word']); // Stop using $_msg_word at lib/html.php
        die_message('Search words too long');
    }
    $type = isset($vars['type']) ? $vars['type'] : '';
    $base = isset($vars['base']) ? $vars['base'] : '';
    $format = isset($vars['format']) ? $vars['format'] : 'html';

    switch ($format) {
        case 'xml':
            // OpenSearch description (http://www.opensearch.org/).
            // Site name, contact address and messages are placed into the XML as-is.
            global $site_name, $notify_from, $shortcut_icon;
            $ret = array(
                '<?xml version="1.0" encoding="UTF-8"?>',
                '<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">',
                '<ShortName>' . $_search_msg['title_search'] . ' - ' . $site_name . '</ShortName>',
                '<Description>' . $_search_msg['title_search'] . ' - ' . $site_name . '</Description>',
                '<Contact>' . $notify_from . '</Contact>',
                '<Image height="16" width="16" type="image/x-icon">data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2F%2F%2F%2FBP%2F8%2BjT%2F7%2BdK%2F%2F38M%2F%2F%2F%2Fw0AAAAAAAAAAAAAAAAAAAAA%2F%2F%2F%2FC%2F%2F%2B%2FTH%2F7%2BdK%2F%2Fv4N%2F%2F%2F%2FwUAAAAA%2F%2F%2F%2FBf%2Ft5IH%2F5djE%2F%2FLsn%2F7u5pT63tKe%2BNzLkOjFmnnq27p%2B%2BOfXk%2Fnl06z%2B7eOV%2F%2FLsn%2F%2Fm2cD%2F6%2BGM%2F%2F%2F%2FBv%2F072P%2F5til%2F%2F%2F%2FGfz4%2BB%2FrqJOE9qBr7vukUv3%2FzoL%2F%2F%2Bao%2F%2Fznsv7337j4662LwPXWyyX%2F%2F%2F8Y%2F%2Bfbmv%2Fz7XD%2F7uaJ%2F%2FDohf%2F%2F%2FwH729Ib9loZzv97Jv7%2Fo0v%2F%2F%2BOt%2F%2F%2Fmrf%2F%2F0oD%2F%2F9KC%2F%2Fm3bu3vsZopAAAAAP%2Fw6H7%2F7uaQ%2FvHpgP%2Fy7JL%2F9vQW%2F1kvvf9UEef%2Fhj7v%2F%2FPP9%2F%2F95Pv%2F9df7%2F7FQ%2Bf%2BxUPT%2F0IPq%2F8V3xf%2F69RT%2F8uyR%2FvHphv%2F28Vr%2F9vGB%2F6qWsf9jK%2Bb%2FhEjm%2F7iF5v%2F16Ob%2F59Ln%2F9iw5%2F%2BZL%2Bf%2Fnzvm%2F%2Bq15v%2B1Zeb%2Bxp6x%2F%2Fbygf%2F07mf%2F%2F%2F8R%2FvHqkP68p9f%2FoW7o%2F4BL5v%2BCROb%2FfCrm%2F4Al5v%2BRPOb%2FvIXm%2F9Sp5v%2Fuxeb%2FsnHn%2F8Ci3f7x6o7%2F%2F%2F8XAAAAAP%2F38lz9o4Tu%2F9K28%2F%2FUs%2Bb%2FYxrm%2F3os5v%2BWSeb%2F1LPm%2F%2F%2F%2F5v%2F%2F%2Feb%2F9Nfm%2F9Wy8v%2BceO7%2F9fBoAAAAAAAAAAD%2F%2BfZD%2Brig8%2F%2FRtvH%2F8OLv%2F5dg5v%2BOSub%2FnFjm%2F8KW5v%2F%2F%2F%2Bb%2F%2F%2F7m%2F%2FPg7v%2FMqfH%2FsZnz%2F%2FfzTQAAAAD%2F%2F%2F8J%2F%2FDpku2EZcL8up71%2F%2BfW8v%2FUu%2B7%2Fp3Dm%2F6hw5v%2FKo%2Bb%2F4s7m%2F8ip7f%2FkzvP%2FzbD1%2FXxazP%2Fw6ZH%2F%2F%2F8O%2F%2Fn1SP%2F18ILtooy19Zt16v%2FUvfL%2Fz7Xy%2F9G07%2F%2FDmub%2F1bnm%2F%2FDn7v%2Fw4%2FL%2F38jy%2FYhb6%2FeTfbn%2F9fCB%2F%2FfyVf%2Fy63v%2F9O6N%2FPX1Hed%2BW7z%2BuZjq%2F%2Bja9P%2Fo2PH%2F4c3y%2F9i%2F8v%2Ft3%2FL%2F4s%2F0%2FKV%2B6%2BlUL8f77%2B0c%2F%2FTujf%2Fy64H%2F7OKA%2F%2FTvhv%2F%2F%2FwL35OAa9rmgwP%2F58On%2B7eL2%2F%2Bre%2BP7j1Pj%2B4M72%2BrCN6uNeOcb22dQi%2F%2F%2F%2FAf%2F074H%2F7OKG%2F%2FLsbf%2Fs4qj%2F%2F%2F8J%2F%2F%2F%2FDv3y8EX84tbL%2Fenh2v7m2vn93s%2F6%2BMq42%2FS6p8z77OhM%2F%2F%2F%2FD%2F%2F%2F%2Fwj%2F7eSc%2F%2FHqev%2F%2F%2Fwn%2F6NyN%2F%2BjcvP%2Fw6KH%2F8ema%2F%2B%2Fmk%2F%2Fv54%2F%2F%2B%2Fk2%2F%2Fv6MP%2Fv54z%2F7%2BaU%2F%2FDpmf%2Fw6KH%2F6d65%2FubZmP%2F%2F%2FwwAAAAA%2F%2F%2F%2FBf%2F59UP%2B7eNl%2FvPtVv%2F%2F%2Fx7%2F%2F%2F8CAAAAAAAAAAD%2F%2F%2F8C%2F%2F%2F%2FG%2F%2F07lP%2B7eNl%2F%2Fj0R%2F%2F%2F%2FwcAAAAAg8GsQQAArEEAAKxBAASsQQAArEEAAKxBAACsQYABrEGAAaxBAACsQQAArEEAAKxBAACsQQAArEEAAKxBgYGsQQ%3D%3D</Image>',
                '<Language>' . DEFAULT_LANG . '</Language>',
                '<InputEncoding>UTF-8</InputEncoding>',
                '<OutputEncoding>UTF-8</OutputEncoding>',
                // The advertised method follows the GET-access setting
                '<Url type="text/html" method="' . (!PLUGIN_SEARCH_DISABLE_GET_ACCESS ? 'get' : 'post') . '" template="' . Router::get_script_uri() . '">',
                '<Param name="cmd" value="search" />',
                '<Param name="encode_hint" value="' . PKWK_ENCODING_HINT . '" />',
                '<Param name="type" value="AND" />',
                '<Param name="word" value="{searchTerms}" />',
                '</Url>',
                '<Url type="application/x-suggestions+json" template="' . Router::get_cmd_uri('list', null, null, array('type' => 'json')) . '&word={searchTerms}" />',
                '<moz:SearchForm>' . Router::get_cmd_uri('search') . '</moz:SearchForm>',
                '</OpenSearchDescription>'
            );
            header('Content-Type:application/opensearchdescription+xml');
            echo join("\n", $ret);
            exit;
            break; // unreachable after exit; kept as in the original
        default:
            if ($s_word !== '') {
                // Search: the title shows the escaped word, the search itself gets the raw one.
                // NOTE(review): with GET access disabled the word was read from $post above
                // but do_search() receives $vars['word'] - confirm both hold the same value.
                $msg = str_replace('$1', $s_word, $_search_msg['title_result']);
                $body = Search::do_search($vars['word'], $type, FALSE, $base);
            } else {
                // Init
                unset($vars['word']); // Stop using $_msg_word at lib/html.php
                $msg = $_search_msg['title_search'];
                $body = '<p>' . $_search_msg['msg_searching'] . '</p>' . "\n";
            }
            // Show search form
            $bases = $base == '' ? array() : array($base);
            $body .= plugin_search_search_form($s_word, $type, $bases);
            break;
    }
    return array('msg' => $msg, 'body' => $body);
}
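/**
 * Write the page and, when $notify is on, mail the change.
 *
 * @global boolean $notify            send a notification mail
 * @global boolean $notify_diff_only  mail only the changed (-/+) lines
 * @global string  $notify_subject
 * @param string|array $diffdata      data handed to parent::set(); also the source of the mail body
 * @param boolean      $keeptimestamp accepted for signature compatibility but not forwarded to
 *                                    parent::set() - NOTE(review): confirm whether the parent expects it
 */
public function set($diffdata = '', $keeptimestamp = false)
{
    global $notify, $notify_diff_only, $notify_subject;

    // 差分を作成
    //$diff = new Diff(WikiFactory::Wiki($this->page)->source(true), explode("\n",$postdata));
    //$str = $diff->getDiff();
    if ($notify) {
        // Keep only lines starting with '-' or '+' when just the diff is wanted
        $str = $notify_diff_only ? preg_replace('/^[^-+].*\\n/m', '', $diffdata) : $diffdata;
        // $page used to be undefined here; the page name lives in $this->page
        // (see the commented-out diff code above)
        $page = $this->page;
        $summary = array(
            'ACTION' => 'Page update',
            'PAGE' => &$page,
            'URI' => Router::get_script_uri() . '?' . rawurlencode($page),
            'USER_AGENT' => TRUE,
            'REMOTE_ADDR' => TRUE,
        );
        if (!Mailer::notify($notify_subject, $str, $summary)) {
            Utility::dieMessage('Mailer::notify(): Failed');
        }
    }
    parent::set($diffdata);
}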
/**
 * 'links' action: rebuild the page-relationship cache.
 *
 * Read-only installs are refused outright. When Auth::check_role('role_contents_admin')
 * reports no restriction the rebuild runs directly; otherwise Auth::login() must
 * accept the posted admin password, else the confirmation form is shown again.
 *
 * @return array 'msg' => page title, 'body' => HTML
 */
function plugin_links_action()
{
    global $post, $vars, $foot_explain;
    global $_links_messages, $_string;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }

    $msg = $_links_messages['title_update'];
    $posted_pass = empty($post['adminpass']) ? null : $post['adminpass'];
    $requested = isset($vars['execute']) && $vars['execute'] === 'true';

    if ($requested) {
        $allowed = !Auth::check_role('role_contents_admin') || Auth::login($posted_pass);
        if ($allowed) {
            // $force = (isset($post['force']) && $post['force'] === 'on') ? true : false;
            $relational = new Relational('');
            $relational->init();
            return array('msg' => $msg, 'body' => $_links_messages['msg_done']);
        }
        $msg = $_links_messages['msg_error'];
    }

    // sprintf() receives the message as its only argument, as before
    $body = RendererFactory::factory(sprintf($_links_messages['msg_usage1']));
    $script = Router::get_script_uri();
    if (Auth::check_role('role_contents_admin')) {
        $body .= RendererFactory::factory(sprintf($_links_messages['msg_usage2']));
    }

    $body .= <<<EOD
<form method="post" action="{$script}" class="form-inline plugin-links-form">
\t<input type="hidden" name="cmd" value="links" />
\t<input type="hidden" name="execute" value="true" />
EOD;
    if (Auth::check_role('role_contents_admin')) {
        $body .= <<<EOD
\t<div class="form-group">
\t\t<label for="_p_links_adminpass" class="sr-only">{$_links_messages['msg_adminpass']}</label>
\t\t<input type="password" name="adminpass" id="_p_links_adminpass" class="form-control" size="20" value="" placeholder="{$_links_messages['msg_adminpass']}" />
\t</div>
EOD;
    }
    $body .= <<<EOD
\t<!--div class="checkbox">
\t\t<input type="checkbox" name="force" id="_c_force" />
\t\t<label for="_c_force">{$_links_messages['btn_force']}</label>
\t</div-->
\t<input type="submit" class="btn btn-primary" value="{$_links_messages['btn_submit']}" />
</form>
EOD;

    return array('msg' => $msg, 'body' => $body);
}
/**
 * 'freeze' action: prepend a #freeze line to a page.
 *
 * When Auth::check_role('role_contents_admin') reports no restriction the page
 * is frozen directly; otherwise a password must be posted in 'pass' and be
 * accepted by Auth::login(), else the password form is shown.
 *
 * @return array 'msg' => page title, 'body' => HTML
 */
function plugin_freeze_action()
{
    global $vars, $function_freeze, $_freeze_msg;

    if (!isset($vars['page'])) {
        return array('msg' => 'Not Found', 'body' => 'Page not found');
    }
    $page = $vars['page'];
    $wiki = Factory::Wiki($page);
    if (!$function_freeze || !$wiki->isEditable(true) || !$wiki->has()) {
        return array(
            'msg' => $_freeze_msg['title_disabled'],
            'body' => '<p class="alert alert-danger">You have no permission to freeze this page.</p>',
        );
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;
    $shown_name = Utility::htmlsc(Utility::stripBracket($page));

    if ($wiki->isFreezed()) {
        // Frozen already
        $msg = str_replace('$1', $shown_name, $_freeze_msg['title_isfreezed']);
        return array('msg' => $msg, 'body' => '<p class="alert alert-info">' . $msg . '</p>');
    }

    $may_freeze = !Auth::check_role('role_contents_admin') || ($pass !== NULL && Auth::login($pass));
    if ($may_freeze) {
        // Put the #freeze marker on the first line and write the page back
        $lines = $wiki->get();
        array_unshift($lines, "#freeze");
        $wiki->set($lines, true);
        //$wiki->is_freezed();
        $vars['cmd'] = 'read';
        $msg = str_replace('$1', $shown_name, $_freeze_msg['title_freezed']);
        $body = !IS_AJAX
            ? ''
            : '<p class="alert alert-success">' . $msg . '</p><div class="pull-right"><a href="' . $wiki->uri() . '" class="btn btn-primary">OK</a></div>';
        return array('msg' => $msg, 'body' => $body);
    }

    // Ask for the password
    $body = array();
    $body[] = $pass === NULL
        ? ''
        : '<p class="alert alert-warning">' . $_freeze_msg['msg_invalidpass'] . '</p>';
    $body[] = '<fieldset>';
    $body[] = '<legend>' . $_freeze_msg['msg_freezing'] . '</legend>';
    $body[] = '<form action="' . Router::get_script_uri() . '" method="post" class="form-inline plugin-freeze-form">';
    $body[] = '<input type="hidden" name="cmd" value="freeze" />';
    $body[] = '<input type="hidden" name="page" value="' . Utility::htmlsc($page) . '" />';
    $body[] = '<input type="password" name="pass" size="12" class="form-control" />';
    $body[] = '<button type="submit" class="btn btn-primary" name="ok"><span class="fa fa-lock"></span>' . $_freeze_msg['btn_freeze'] . '</button>';
    $body[] = '</form>';
    $body[] = '</fieldset>';

    return array('msg' => $_freeze_msg['title_freeze'], 'body' => join("\n", $body));
}
/**
 * Render the password prompt for the filelist administration view.
 *
 * @param string $pass '__nopass__' marks the "no password configured" case,
 *                     which puts a warning above the form
 * @return array 'msg' => page title, 'body' => HTML
 */
function filelist_adm($pass)
{
    global $_filelist_msg;
    global $vars;

    $legend = $_filelist_msg['msg_input_pass'];
    $submit_label = $_filelist_msg['btn_exec'];
    $script = Router::get_script_uri();

    $warning = $pass == '__nopass__'
        ? "<p><strong>" . $_filelist_msg['msg_no_pass'] . "</strong></p>"
        : "";
    $form = <<<EOD
<fieldset>
\t<legend>{$legend}</legend>
\t<form action="{$script}" method="post" class="form-inline plugin-filelist-form">
\t\t<input type="hidden" name="cmd" value="filelist" />
\t\t<input type="password" name="pass" size="12" class="form-control" />
\t\t<input type="submit" class="btn btn-primary" name="ok" value="{$submit_label}" />
\t</form>
</fieldset>
EOD;

    return array('msg' => $_filelist_msg['msg_H0_filelist'], 'body' => $warning . $form);
}
/**
 * Rename plugin, phase 2: ask for the new page name.
 *
 * @param string $err error code from the previous phase, rendered by plugin_rename_err()
 * @return array 'msg' => page title, 'body' => HTML
 */
function plugin_rename_phase2($err = '')
{
    global $_rename_messages;

    $err_html = plugin_rename_err($err);
    $page = plugin_rename_getvar('page');
    $refer = plugin_rename_getvar('refer');
    if ($page == '') {
        // Default the new name to the current one
        $page = $refer;
    }

    // Offer to rename related pages as well when there are any
    $related = plugin_rename_getrelated($refer);
    $related_html = '';
    if (!empty($related)) {
        $related_html = '<input type="checkbox" name="related" id="_p_rename_related" value="1" checked="checked" />'
            . '<label for="_p_rename_related">' . $_rename_messages['msg_do_related'] . '</label><br />';
    }
    $legend = sprintf($_rename_messages['msg_rename'], make_pagelink($refer));
    $esc_page = Utility::htmlsc($page);
    $esc_refer = Utility::htmlsc($refer);
    $script = Router::get_script_uri();

    $body = <<<EOD
{$err_html}
<fieldset>
\t<legend>{$legend}</legend>
\t<form action="{$script}" method="post" class="plugin-rename-form">
\t\t<input type="hidden" name="cmd" value="rename" />
\t\t<input type="hidden" name="refer" value="{$esc_refer}" />
\t\t<div class="form-group">
\t\t\t<label for="_p_rename_newname">{$_rename_messages['msg_newname']}:</label>
\t\t\t<input type="text" name="page" id="_p_rename_newname" size="40" value="{$esc_page}" class="form-control" />
\t\t</div>
\t\t{$related_html}
\t\t<input type="submit" class="btn btn-warning" value="{$_rename_messages['btn_next']}" />
\t</form>
</fieldset>
EOD;

    if (!empty($related)) {
        // List the related pages in sorted order below the form
        sort($related, SORT_STRING);
        $items = '';
        foreach ($related as $name) {
            $items .= '<li>' . make_pagelink($name) . '</li>';
        }
        $body .= '<hr /><p>' . $_rename_messages['msg_related'] . '</p><ul>' . $items . '</ul>';
    }

    return array('msg' => $_rename_messages['msg_title'], 'body' => $body);
}
/**
 * Render the upload form of the attach plugin for a page.
 *
 * @param string $page wiki page the files are attached to
 * @return string HTML form plus a hint list, or a warning paragraph when
 *                uploads are disabled or the page does not exist
 */
function attach_form($page)
{
    global $_attach_messages;

    if (!ini_get('file_uploads')) {
        return '<p class="alert alert-warning">#attach(): <code>file_uploads</code> disabled.</p>';
    }
    if (!Factory::Wiki($page)->has()) {
        return '<p class="alert alert-warning">#attach(): No such page.</p>';
    }

    // A password field is shown when uploads are restricted and the role check says so
    $ask_password = (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY)
        && Auth::check_role('role_contents_admin');

    $out = array(
        '<form enctype="multipart/form-data" action="' . Router::get_script_uri() . '" method="post" class="form-inline plugin-attach-form" data-collision-check="false">',
        '<input type="hidden" name="cmd" value="attach" />',
        '<input type="hidden" name="pcmd" value="post" />',
        '<input type="hidden" name="page" value="' . Utility::htmlsc($page) . '" />',
        '<input type="hidden" name="MAX_FILE_SIZE" value="' . PLUGIN_ATTACH_MAX_FILESIZE . '" />',
        '<div class="form-group">',
        '<label for="_p_attach_file" class="sr-only">' . $_attach_messages['msg_file'] . ':</label>',
        '<input type="file" name="' . PLUGIN_ATTACH_FILE_FIELD_NAME . '[]" id="_p_attach_file" class="form-control" multiple="multiple" />',
        '</div>',
    );
    if ($ask_password) {
        $out[] = '<div class="form-group">';
        $out[] = '<input type="password" name="pass" size="8" class="form-control" />';
        $out[] = '</div>';
    }
    $out[] = '<button class="btn btn-primary" type="submit"><span class="fa fa-upload"></span>' . $_attach_messages['btn_upload'] . '</button>';
    $out[] = '</form>';

    $out[] = '<ul class="plugin-attach-ul">';
    if ($ask_password) {
        $hint_key = PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'msg_adminpass' : 'msg_password';
        $out[] = '<li>' . $_attach_messages[$hint_key] . '</li>';
    } else {
        $out[] = '';
    }
    $out[] = '<li>' . sprintf($_attach_messages['msg_maxsize'], '<var>' . number_format(PLUGIN_ATTACH_MAX_FILESIZE / 1024) . '</var>KB') . '</li>';
    $out[] = '<li>' . $_attach_messages['msg_multiple'] . '</li>';
    $out[] = '</ul>';

    return join("\n", $out);
}
/**
 * @param string $page   wiki page the table belongs to
 * @param mixed  $number table number within the page, stored as given
 */
public function __construct($page, $number)
{
    $this->script_uri = Router::get_script_uri();
    $this->page = $page;
    $this->table_num = $number;
}
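/**
 * Fetch the referring page and look for a link back to this site.
 *
 * @return boolean true when the referer is NOT acceptable: it is not an
 *                 http(s) URL, could not be fetched, or carries no link to
 *                 this script's host and path
 */
private function is_not_valid_referer()
{
    static $condition;

    if (empty($condition)) {
        // Match on host + path only; the query string is not evaluated.
        // Router::get_script_uri() returns a string (it is concatenated into
        // form actions elsewhere), so it has to be parsed before 'host' and
        // 'path' can be read - indexing the string directly never worked.
        $parts = parse_url(Router::get_script_uri());
        $condition = (isset($parts['host']) ? $parts['host'] : '')
            . (isset($parts['path']) ? $parts['path'] : '');
    }

    // The referer is client-supplied and is fetched from this server: only
    // http(s) URLs are followed so the request cannot be pointed elsewhere.
    $scheme = strtolower((string) parse_url($this->referer, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return true;
    }

    $response = ClientStatic::get($this->referer);
    if (!$response->isSuccess()) {
        return true;
    }

    $dom = new Query($response->getBody());
    // NOTE(review): the attribute selector is kept as written; the standard
    // prefix-match form is [href^="..."] - confirm what Query::execute() expects.
    $results = $dom->execute('a[href=^"' . $condition . '"]');
    // $condition contains '/' and dots, so it must be quoted before use as a
    // pattern; otherwise preg_match() fails (returns false) and the former
    // "!== 0" test accepted the referer on that error.
    $pattern = '/' . preg_quote($condition, '/') . '/i';
    foreach ($results as $element) {
        if (preg_match($pattern, $element->href) === 1) {
            return false;
        }
    }
    return true;
}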
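/**
 * CAPTCHA check.
 *
 * Returns normally once the client has passed a challenge (reCAPTCHA when the
 * keys are configured, otherwise a locally generated image or Figlet word);
 * in every other case the challenge form is rendered and the request exits.
 *
 * @param boolean $save      remember a successful check in the session
 * @param string  $message   error message to show above the form (emitted as given)
 * @param boolean $multipart accepted for signature compatibility; unused here
 */
public static function check($save = true, $message = '', $multipart = false)
{
    global $recaptcha_public_key, $recaptcha_private_key, $vars, $session, $_string, $_button;
    // Read from the configuration so the 'multiple_post' option below is
    // visible; previously it was an undefined local and the branch never ran
    global $use_spam_check;

    // Session key for "CAPTCHA passed": ticket + remote host, so it is not
    // predictable from outside
    $session_name = self::CAPTCHA_SESSION_PREFIX . md5(Utility::getTicket() . REMOTE_ADDR);
    if ($save && $session->offsetExists($session_name) && $session->offsetGet($session_name) === true) {
        // Already passed
        // return array('msg'=>'CAPTCHA','body'=>'Your host was already to challenged.');
        return;
    }

    if (isset($recaptcha_public_key) && isset($recaptcha_private_key)) {
        // reCAPTCHA
        $captcha = new ReCaptcha($recaptcha_public_key, $recaptcha_private_key);
        if (isset($vars['recaptcha_challenge_field']) && isset($vars['recaptcha_response_field'])) {
            if ($captcha->verify($vars['recaptcha_challenge_field'], $vars['recaptcha_response_field'])) {
                if ($save) {
                    // Remember the pass and bound its lifetime
                    $session->offsetSet($session_name, true);
                    $session->setExpirationSeconds($session_name, self::CAPTCHA_SESSION_EXPIRE);
                }
                // return array('msg'=>'CAPTCHA','body'=>'OK!');
                return; // back to the caller's write path
            } else {
                // Log the failed attempt
                Utility::dump('captcha');
                $message = $_string['captcha_failure'];
            }
            // Drop the challenge/response data so it is not re-posted below
            unset($vars['recaptcha_challenge_field'], $vars['recaptcha_response_field']);
        }
        // Make sure no stale "passed" flag survives
        $session->offsetUnset($session_name);
        // reCAPTCHA options: language and theme
        $captcha->setOption('lang', substr(LANG, 0, 2));
        $captcha->setOption('theme', self::RECAPTCHA_THEME);
        $form = $captcha->getHTML();
    } else {
        // Local CAPTCHA
        $captcha_dir = CACHE_DIR . self::CAPTCHA_IMAGE_DIR_NAME . DIRECTORY_SEPARATOR;
        self::mkdir_r($captcha_dir);
        if (isset($vars['challenge_field']) && isset($vars['response_field'])) {
            // The word was stored under the challenge id when the form was issued
            $expected = $session->offsetGet(self::CAPTCHA_SESSION_PREFIX . $vars['response_field']);
            if ($expected === strtolower($vars['challenge_field'])) {
                if ($save) {
                    $session->offsetSet($session_name, true);
                    $session->setExpirationSeconds($session_name, self::CAPTCHA_SESSION_EXPIRE);
                }
                // The challenge is single-use
                $session->offsetUnset(self::CAPTCHA_SESSION_PREFIX . $vars['response_field']);
                // The id was validated by the session lookup above; basename()
                // additionally keeps the unlink inside the cache directory
                $image = $captcha_dir . basename($vars['response_field']) . '.png';
                if (file_exists($image)) {
                    unlink($image);
                }
                // return array('msg'=>'CAPTCHA','body'=>'OK!');
                return; // back to the caller's write path
            } else {
                // Log the failed attempt
                Utility::dump('captcha');
                $message = $_string['captcha_failure'];
            }
            // Drop the challenge/response data so it is not re-posted below
            unset($vars['response_field'], $vars['challenge_field']);
        }
        // Make sure no stale "passed" flag survives
        $session->offsetUnset($session_name);

        if (extension_loaded('gd')) {
            // Image CAPTCHA. Fallback in case mkdir_r() did not create the directory.
            // (The former chmod(0777, $dir) had its arguments reversed and never
            // applied; the mode is now set at creation and is not world-writable.)
            if (!file_exists($captcha_dir)) {
                mkdir($captcha_dir, 0775, true);
            }
            // Purge challenge images older than the timeout
            $di = new DirectoryIterator($captcha_dir);
            foreach ($di as $f) {
                if (!$f->isFile()) {
                    continue;
                }
                if (time() - $f->getMTime() > self::CAPTCHA_TIMEOUT) {
                    unlink($f->getRealPath());
                }
            }
            $captcha = new Image(array(
                'wordLen' => self::CAPTCHA_WORD_LENGTH,
                'timeout' => self::CAPTCHA_TIMEOUT,
                'font' => LIB_DIR . self::CAPTCHA_IMAGE_FONT,
                'ImgDir' => $di->getPath(),
            ));
            $captcha->generate();
            // The image is served through the cache_ref plugin
            $form = '<img src="' . Router::get_cmd_uri('cache_ref', null, null, array('src' => self::CAPTCHA_IMAGE_DIR_NAME . '/' . $captcha->getId() . '.png'))
                . '" height="' . $captcha->getHeight() . '" width="' . $captcha->getWidth()
                . '" alt="' . Utility::htmlsc($captcha->getImgAlt()) . '" /><br />' . "\n";
        } else {
            // No GD: ASCII-art CAPTCHA
            $captcha = new Figlet(array(
                'wordLen' => self::CAPTCHA_WORD_LENGTH,
                'timeout' => self::CAPTCHA_TIMEOUT,
            ));
            $captcha->generate();
            // Font is pinned because a backslash can look like a yen sign otherwise
            $form = '<pre style="font-family: Monaco, Menlo, Consolas, \'Courier New\' !important;">'
                . Utility::htmlsc($captcha->getFiglet()->render($captcha->getWord()))
                . '</pre>' . "\n" . '<br />' . "\n";
        }
        // Store the word under the challenge id, bounded by the CAPTCHA timeout
        $response_session = self::CAPTCHA_SESSION_PREFIX . $captcha->getId();
        $session->offsetSet($response_session, $captcha->getWord());
        $session->setExpirationSeconds($response_session, self::CAPTCHA_TIMEOUT);

        $form .= '<input type="hidden" name="response_field" value="' . $captcha->getId() . '" />' . "\n";
        $form .= '<div class="input-group">';
        $form .= '<span class="input-group-addon"><span class="fa fa-key"></span></span>';
        $form .= '<input type="text" class="form-control" name="challenge_field" maxlength="' . $captcha->getWordLen() . '" size="' . $captcha->getWordLen() . '" />';
        $form .= '<span class="input-group-btn">';
        $form .= '<button type="submit" class="btn btn-primary" value="submit">' . $_button['submit'] . '</button>';
        $form .= '</span>';
        $form .= '</div>';
        // $form .= $captcha->getWord();
    }

    // $ret[] = $session->offsetExists($session_name) ? 'true' : 'false';
    // $ret[] = Zend\Debug\Debug::Dump($vars);
    // $ret[] = Zend\Debug\Debug::Dump($captcha->getSession());
    $ret = array();
    if (!empty($message)) {
        $ret[] = '<p class="alert alert-warning"><span class="fa fa-warning"></span>' . $message . '</p>';
    }
    // Issue a fresh post id when multiple-post protection is enabled
    if (isset($use_spam_check['multiple_post']) && $use_spam_check['multiple_post'] === 1) {
        $vars['postid'] = PostId::generate($vars['cmd']);
    }
    $ret[] = '<fieldset>';
    $ret[] = '<legend>CAPTCHA</legend>';
    $ret[] = '<p>' . $_string['captcha_msg'] . '</p>';
    // Re-post every request value so the original action can continue after the challenge
    $ret[] = '<form method="post" action="' . Router::get_script_uri() . '" class="form-inline">';
    //unset($vars['ajax']);
    foreach ($vars as $key => $value) {
        if ($key === 'ajax') {
            continue;
        }
        // Both the name and the value come from the request: escape both for
        // the attribute context (the name was emitted raw before)
        $s_key = Utility::htmlsc((string) $key);
        $s_value = !empty($value) ? Utility::htmlsc($value) : '';
        if (strpos($key, 'attach_file', 0) === 0) {
            // File field: re-emitted as a hidden file input (the original note
            // already calls this a poor implementation)
            $ret[] = '<input type="file" name="' . $s_key . '" value="' . $s_value . '" class="hidden" />';
            continue;
        }
        $ret[] = '<input type="hidden" name="' . $s_key . '" value="' . $s_value . '" />';
    }
    // The CAPTCHA widget itself
    $ret[] = $form;
    $ret[] = '</form>';
    $ret[] = '</fieldset>';
    // return array('msg'=>'CAPTCHA','body'=>join("\n",$ret));
    new Render('CAPTCHA', join("\n", $ret));
    exit;
}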
/**
 * Inline (#attachref) plugin body: render the referenced attachment, and/or the
 * "attach a file" control (a form with a submit button, or a link).
 *
 * All positional arguments come from the wiki source; the last one is the button
 * text. Uses the globals $vars (current request) and $digest (page digest).
 *
 * @return string HTML fragment
 */
function plugin_attachref_inline()
{
    global $vars, $digest;
    global $_attachref_messages;
    // (An earlier per-page numbering implementation was left here commented out;
    //  the numbering now comes from plugin_attachref_options() via 'refnum'.)
    $ret = '';
    $dispattach = 1;
    $extra_options = array();
    $args = func_get_args();
    $btn_text = array_pop($args);
    // Truthiness check: a button text of '0' also falls back to the default label.
    $btn_text = $btn_text ? $btn_text : $_attachref_messages['btn_submit'];
    // NOTE(review): $extra_options is apparently filled by reference here
    // (button / refnum / text are read from it below) — confirm in plugin_attachref_options().
    $options = plugin_attachref_options($extra_options, $args);
    $button = $extra_options['button'];
    $attachref_no = $extra_options['refnum'];
    $btn_text .= $extra_options['text'];
    // Dead assignment: $args is overwritten by $options right below
    // (leftover of the old option parser that was commented out).
    $args = func_get_args();
    $args = $options;
    if (count($args) && $args[0] != '') {
        // Delegate rendering of the referenced file to the ref plugin.
        require_once PLUGIN_DIR . 'ref.inc.php';
        $params = plugin_ref_body($args, $vars['page']);
        if (isset($params['_error'])) {
            // Show the error and still offer the attach control.
            $ret = $params['_error'];
            $dispattach = 1;
        } else {
            $ret = $params['_body'];
            $dispattach = 0;
        }
    }
    if ($dispattach) {
        // Escape foreign value
        $s_args = trim(join(",", $args));
        if ($button) {
            $script = Router::get_script_uri();
            $s_args .= ',button';
            $f_page = Utility::htmlsc($vars['page']);
            $f_args = Utility::htmlsc($s_args);
            // NOTE(review): $btn_text (wiki-author supplied) is placed in the value=""
            // attribute unescaped; Utility::htmlsc($btn_text) would be the safe form.
            // The class name "plugin-attacherf-form" looks like a typo but is left as is
            // because stylesheets may depend on it.
            $ret = <<<EOD
<form action="{$script}" method="post" class="plugin-attacherf-form">
\t<input type="hidden" name="attachref_no" value="{$attachref_no}" />
\t<input type="hidden" name="attachref_opt" value="{$f_args}" />
\t<input type="hidden" name="digest" value="{$digest}" />
\t<input type="hidden" name="cmd" value="attachref" />
\t<input type="hidden" name="refer" value="{$f_page}" />
\t{$ret}
\t<input class="btn btn-secondary" type="submit" value="{$btn_text}" />
</form>
EOD;
        } else {
            // Tags are stripped for the title attribute; the raw text is kept inside the link.
            $f_btn_text = preg_replace('/<[^<>]+>/', '', $btn_text);
            $btn_url = get_cmd_uri('attachref', $vars['page'], '', array('attachref_no' => $attachref_no, 'attachref_opt' => $s_args, 'refer' => $vars['page'], 'digest' => $digest));
            $ret .= '<a href="' . $btn_url . '" title="' . $f_btn_text . '"><small><span class="fa fa-paperclip">' . $btn_text . '</span></small></a>';
        }
    }
    return $ret;
}
/**
 * Render the page edit form.
 *
 * Besides the textarea it emits: the template (boilerplate page) selector when
 * $load_template_func is enabled, the "do not update timestamp" checkbox, the
 * admin password field when $notimeupdate === 2, and a link to (or the body of)
 * the formatting-rule page.
 *
 * @param string $page           name of the page being edited
 * @param string|array $data     initial source, as a string or an array of lines
 * @param boolean $show_template whether to offer the template selector
 * @return string HTML
 */
public static function editForm($page, $data, $show_template = TRUE)
{
    global $vars, $session;
    global $_button, $_string;
    global $notimeupdate, $load_template_func, $load_refer_related;
    if (empty($page)) {
        return self::dieMessage('Page name was not defined.');
    }
    $postdata = is_array($data) ? join("\n", $data) : $data;
    // The source the client originally received (for collision detection); falls back to $postdata.
    $original = isset($vars['original']) ? $vars['original'] : $postdata;
    // The ticket is auto-inserted by PluginRenderer::addHiddenField(); the session key
    // must therefore be derived with the same algorithm.
    $ticket_name = md5(Utility::getTicket() . REMOTE_ADDR);
    // BugTrack/95 fix Problem: browser RSS request with session
    // Store a digest of the original (CR-normalised) so a later submit can detect concurrent edits.
    $session->offsetSet('origin-' . $ticket_name, md5(self::getTicket() . str_replace("\r", '', $original)));
    $ret[] = '<form action="' . Router::get_script_uri() . '" role="form" method="post" class="form-edit" data-collision-check-strict="true">';
    $ret[] = '<input type="hidden" name="cmd" value="edit" />';
    $ret[] = '<input type="hidden" name="page" value="' . self::htmlsc($page) . '" />';
    $ret[] = isset($vars['id']) ? '<input type="hidden" name="id" value="' . self::htmlsc($vars['id']) . '" />' : null;
    if ($load_template_func && $show_template) {
        // Build the template page selector from every editable, non-hidden page.
        // NOTE(review): $_pages is never initialised; ksort() below warns when no page qualifies.
        foreach (Listing::pages() as $_page) {
            $_w = Factory::Wiki($_page);
            if (!$_w->isEditable() || $_w->isHidden()) {
                continue;
            }
            $_s_page = self::htmlsc($_page);
            $_pages[$_page] = '<option value="' . $_s_page . '">' . $_s_page . '</option>' . "\n";
        }
        // Natural sort by page name
        ksort($_pages, SORT_NATURAL);
        $ret[] = '<div class="form-inline">';
        $ret[] = '<div class="form-group">';
        // NOTE(review): the <select> carries two class attributes; browsers keep only the first.
        $ret[] = '<select class="form-control" name="template_page" class="template">';
        $ret[] = '<option value="" disabled="disabled" selected="selected">-- ' . $_button['template'] . ' --</option>';
        $ret[] = join("\n", $_pages);
        $ret[] = '</select>';
        $ret[] = '</div>';
        $ret[] = '<button type="submit" class="btn btn-secondary" name="template" accesskey="l">' . $_button['load'] . '</button>';
        $ret[] = '</div>';
        unset($_s_page, $_w, $_pages);
    }
    // Edit form. When $load_refer_related is on, a link to the referring page is prepended.
    $ret[] = '<textarea name="msg" id="msg" rows="15" class="form-control">' . self::htmlsc(($load_refer_related && isset($vars['refer']) && !empty($vars['refer']) ? '[[' . self::stripBracket($vars['refer']) . ']]' . "\n\n" : '') . $postdata) . '</textarea>';
    $ret[] = '<div class="form-inline">';
    if (IS_MOBILE) {
        // Mobile layout
        $ret[] = '<input type="submit" id="btn_submit" name="write" value="' . $_button['update'] . '" data-icon="check" data-inline="true" data-theme="b" />';
        $ret[] = '<input type="submit" id="btn_preview" name="preview" value="' . $_button['preview'] . '" accesskey="p" data-icon="gear" data-inline="true" data-theme="e" />';
        $ret[] = '<input type="submit" id="btn_cancel" name="cancel" value="' . $_button['cancel'] . '" accesskey="c" data-icon="delete" data-inline="true" />';
        $ret[] = $notimeupdate === 2 && Auth::check_role('role_contents_admin') ? '<div data-role="fieldcontain">' : null;
        if ($notimeupdate !== 0 && Factory::Wiki($page)->isValied()) {
            // "Do not update the timestamp" checkbox
            $ret[] = '<input type="checkbox" name="notimestamp" id="_edit_form_notimestamp" value="true" ' . (isset($vars['notimestamp']) ? ' checked="checked"' : null) . ' />';
            $ret[] = '<label for="_edit_form_notimestamp" data-inline="true">' . $_button['notchangetimestamp'] . '</label>';
        }
        // Admin password input. NOTE(review): loose `== 2` here vs `=== 2` for the opening <div>
        // above — the two conditions can disagree when $notimeupdate is the string '2'.
        $ret[] = $notimeupdate == 2 && Auth::check_role('role_contents_admin') ? '<input type="password" name="pass" size="12" data-inline="true" />' . "\n" . '</div>' : null;
        $ret[] = isset($vars['add']) ? '<input type="checkbox" name="add_top" value="true"' . (isset($vars['add']) ? ' checked="checked"' : '') . ' /><label for="add_top">' . $_button['addtop'] . '</label>' : null;
    } else {
        // Desktop layout
        $ret[] = '<button type="submit" class="btn btn-primary" name="write" accesskey="s"><span class="fa fa-check"></span>' . $_button['update'] . '</button>';
        $ret[] = isset($vars['add']) ? '<input type="checkbox" name="add_top" value="true"' . (isset($vars['add']) ? ' checked="checked"' : '') . ' /><label for="add_top">' . $_button['addtop'] . '</label>' : null;
        $ret[] = '<button type="submit" class="btn btn-secondary" name="preview" accesskey="p"><span class="fa fa-eye"></span>' . $_button['preview'] . '</button>';
        if ($notimeupdate !== 0 && Factory::Wiki($page)->isValied()) {
            // "Do not update the timestamp" checkbox
            $ret[] = '<div class="checkbox">';
            $ret[] = '<input type="checkbox" name="notimestamp" id="_edit_form_notimestamp" value="true"' . (isset($vars['notimestamp']) ? ' checked="checked"' : null) . ' />';
            $ret[] = '<label for="_edit_form_notimestamp">' . $_button['notchangetimestamp'] . '</label>';
            $ret[] = '</div>';
            // (Disabled ping / tweet / facebook checkboxes were left here commented out.)
        }
        // Admin password input
        if ($notimeupdate === 2 && Auth::check_role('role_contents_admin')) {
            $ret[] = '<div class="form-group">';
            $ret[] = '<div class="input-group">';
            $ret[] = '<span class="input-group-addon"><span class="fa fa-key"></span></span>';
            $ret[] = '<input type="password" name="pass" class="form-control" size="12" placeholder="Password" />';
            $ret[] = '</div>';
            $ret[] = '</div>';
        }
        $ret[] = '<button type="submit" class="btn btn-warning" name="cancel" accesskey="c"><span class="fa fa-ban"></span>' . $_button['cancel'] . '</button>';
    }
    $ret[] = '</div>';
    $ret[] = '</form>';
    if (isset($vars['help'])) {
        // Show the text formatting rules
        $rule_wiki = Factory::Wiki(self::RULE_PAGENAME);
        $ret[] = '<hr />';
        $ret[] = $rule_wiki->has() ? $rule_wiki->render() : '<p class="alert alert-warning">Sorry, page \'' . Utility::htmlsc(self::RULE_PAGENAME) . '\' unavailable.</p>';
    } else {
        $ret[] = '<ul><li><a href="' . Factory::Wiki($page)->uri('edit', array('help' => 'true')) . '" id="FormatRule">' . $_string['help'] . '</a></li></ul>';
    }
    return join("\n", $ret);
}
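/**
 * Render the detail view of this attachment: an info panel (name, page,
 * content type, size, date, download count, MD5) and an operation form
 * (delete / freeze / unfreeze / rename, plus the admin password field).
 *
 * Uses $this->filename, $this->page, $this->age, $this->status and $this->fileinfo.
 *
 * @param string $err  key into $_attach_messages for an error shown at the top ('' for none)
 * @return array  'msg' (title) and 'body' (HTML)
 */
public function info($err)
{
    global $_attach_messages, $vars, $_LANG;
    $role_contents_admin = Auth::check_role('role_contents_admin');
    $msg_require = $role_contents_admin ? $_attach_messages['msg_require'] : '';
    // Escaped once here; the file name is user supplied (it came from an upload)
    // and the page name may contain markup-significant characters.
    $s_filename = Utility::htmlsc($this->filename);
    $s_page = Utility::htmlsc($this->page);
    // Unknown message keys fall back to the (escaped) key itself instead of an undefined-index notice.
    $ret[] = empty($err) ? '' : '<p class="error error-warning">' . (isset($_attach_messages[$err]) ? $_attach_messages[$err] : Utility::htmlsc($err)) . '</p>';
    if (IS_AJAX) {
        $retval = array('msg' => sprintf($_attach_messages['btn_info'], $s_filename));
        $ret[] = '<ul class="nav nav-tabs">';
        $ret[] = '<li class="nav-item"><a class="nav-link active" href="#attach_info">' . $_attach_messages['msg_info'] . '</a></li>';
        $ret[] = '<li class="nav-item"><a class="nav-link" href="#attach_form_edit">' . $_LANG['skin']['edit'] . '</a></li>';
        $ret[] = '</ul>';
    } else {
        $retval = array('msg' => sprintf($_attach_messages['msg_info'], $s_filename));
        $ret[] = '<nav>';
        $ret[] = '<ul class="attach_navibar">';
        $ret[] = '<li><a href="' . Router::get_cmd_uri('attach', '', '', array('pcmd' => 'list', 'refer' => $this->page)) . '">' . $_attach_messages['msg_list'] . '</a></li>';
        $ret[] = '<li><a href="' . Router::get_cmd_uri('attach', '', '', array('pcmd' => 'list')) . '">' . $_attach_messages['msg_listall'] . '</a></li>';
        $ret[] = '</ul>';
        $ret[] = '</nav>';
    }
    // Info tab
    $ret[] = '<div id="attach_info" role="tabpanel" aria-labelledby="tab1">';
    $ret[] = '<details>';
    $ret[] = '<summary>' . $this->toString(TRUE, FALSE) . '</summary>';
    $ret[] = '<dl class="dl-horizontal">';
    if ($role_contents_admin !== FALSE) {
        $ret[] = '<dt>' . $_attach_messages['msg_filename'] . ($this->status['freeze'] ? '<span class="fa fa-lock"></span>' : '') . '</dt>';
        $ret[] = '<dd><var>' . $s_filename . '</var></dd>';
    }
    $ret[] = '<dt>' . $_attach_messages['msg_page'] . ':</dt>';
    $ret[] = '<dd><var>' . $s_page . '</var></dd>';
    $ret[] = '<dt>Content-type:</dt>';
    $ret[] = '<dd><var>' . $this->getMime($this->age) . '</var></dd>';
    $ret[] = '<dt>' . $_attach_messages['msg_filesize'] . ':</dt>';
    $ret[] = '<dd><var>' . $this->fileinfo->getSize() . '</var>KB</dd>';
    $ret[] = '<dt>' . $_attach_messages['msg_date'] . ':</dt>';
    $ret[] = '<dd><var>' . $this->fileinfo->getMTime() . '</var></dd>';
    $ret[] = '<dt>' . $_attach_messages['msg_dlcount'] . ':</dt>';
    $ret[] = '<dd><var>' . $this->status['count'][$this->age] . '</var></dd>';
    $ret[] = '<dt>' . $_attach_messages['msg_md5hash'] . ':</dt>';
    $ret[] = '<dd><var>' . $this->fileinfo->md5() . '</var></dd>';
    $ret[] = '</dl>';
    $ret[] = '</details>';
    $ret[] = $this->getThumbnail();
    $ret[] = '</div>';
    $ret[] = IS_AJAX ? '' : '<hr />';
    // Operation tab
    $ret[] = '<div id="attach_form_edit" role="tabpanel" aria-labelledby="tab2">';
    $ret[] = '<form action="' . Router::get_script_uri() . '" method="post" class="form form-attach">';
    $ret[] = '<input type="hidden" name="cmd" value="attach" />';
    $ret[] = '<input type="hidden" name="page" value="' . $s_page . '" />';
    // Same as the page this was called from
    $ret[] = '<input type="hidden" name="refer" value="' . $s_page . '" />';
    $ret[] = '<input type="hidden" name="file" value="' . $s_filename . '" />';
    $ret[] = '<input type="hidden" name="age" value="' . $this->age . '" />';
    if ($this->age) {
        // Old generations can only be deleted.
        $ret[] = '<div class="radio">';
        $ret[] = '<label for="_p_attach_delete"><input type="radio" name="pcmd" id="_p_attach_delete" value="delete" />' . $_attach_messages['msg_delete'] . $msg_require . '</label>';
        $ret[] = '</div>';
    } else {
        if ($this->status['freeze']) {
            $ret[] = '<div class="radio">';
            $ret[] = '<label for="_p_attach_unfreeze"><input type="radio" name="pcmd" id="_p_attach_unfreeze" value="unfreeze" />' . $_attach_messages['msg_unfreeze'] . $msg_require . '</label>';
            $ret[] = '</div>';
        } else {
            // `||` binds tighter than `?:`: the password hint is shown when DELETE_ADMIN_ONLY is set
            // ($this->age is always falsy in this branch).
            $ret[] = '<div class="radio">';
            $ret[] = '<label for="_p_attach_delete"><input type="radio" name="pcmd" id="_p_attach_delete" value="delete" />' . $_attach_messages['msg_delete'] . (self::DELETE_ADMIN_ONLY || $this->age ? $msg_require : '') . '</label>';
            $ret[] = '</div>';
            $ret[] = '<div class="radio">';
            $ret[] = '<label for="_p_attach_freeze"><input type="radio" name="pcmd" id="_p_attach_freeze" value="freeze" />' . $_attach_messages['msg_freeze'] . $msg_require . '</label>';
            $ret[] = '</div>';
            if (self::ENABLE_RENAME) {
                $ret[] = '<div class="radio">';
                $ret[] = '<label for="_p_attach_rename"><input type="radio" name="pcmd" id="_p_attach_rename" value="rename" />' . $_attach_messages['msg_rename'] . $msg_require . '</label>';
                $ret[] = '</div>';
                $ret[] = '<div class="form-group">';
                $ret[] = '<label for="_p_attach_newname">' . $_attach_messages['msg_newname'] . ':</label> ';
                $ret[] = '<input type="text" name="newname" class="form-control" id="_p_attach_newname" size="40" value="' . $s_filename . '" />';
                $ret[] = '</div>';
            }
        }
    }
    if ($role_contents_admin !== FALSE) {
        $ret[] = '<div class="form-group">';
        $ret[] = '<label for="_p_attach_password">' . $_attach_messages['msg_password'] . '</label>';
        $ret[] = '<input class="form-control" type="password" name="pass" id="_p_attach_password" size="8" />';
        $ret[] = '</div>';
    }
    $ret[] = '<input type="submit" class="btn btn-danger" value="' . $_attach_messages['btn_submit'] . '" />';
    $ret[] = '</form>';
    $ret[] = '</div>';
    // NOTE(review): the two closing </div>s below are kept as in the original; the second one
    // (and the AJAX-only third) have no visible opening tag in this method — confirm against the caller.
    $ret[] = '</div>';
    $ret[] = IS_AJAX ? '</div>' : '';
    $retval['body'] = join("\n", $ret);
    return $retval;
}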
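/**
 * Action handler of the tracker plugin: turn a submitted tracker form into a
 * new wiki page (or show a preview of it).
 *
 * Flow: permission checks -> session ticket check -> decide the new page name
 * -> load the template page -> substitute [field] placeholders -> preview or write.
 *
 * @return array  'msg' / 'body' for the renderer (the write path redirects and exits)
 */
function plugin_tracker_action()
{
    global $vars, $now, $config_name, $_string, $session;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    // Plus! code start
    if (Auth::check_role('readonly')) {
        die_message($_string['prohibit']);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }
    $base = isset($vars['_base']) ? $vars['_base'] : null;
    $refer = isset($vars['_refer']) ? $vars['_refer'] : null;
    if (isset($vars['cancel'])) {
        Utility::redirect(Router::get_page_uri($refer));
    }
    $tracker_form = new Tracker_form();
    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    // NOTE(review): $config is assigned here but the ticket below is computed from the
    // global $config_name, not from this value — confirm which one is intended.
    $config = $tracker_form->config_name;
    // Rescan
    if ($session->offsetGet('tracker') !== md5(get_ticket() . $config_name)) {
        honeypot_write();
        return array('msg' => 'Cannot write', 'body' => 'Prohibits editing');
    }
    // Plus! code end
    // $page name to add will be decided here
    $num = 0;
    $name = isset($vars['_name']) ? $vars['_name'] : null;
    if (isset($vars['_page'])) {
        $real = $page = $vars['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Find a free numbered sub-page if the name is already taken.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }
    $config = isset($vars['_config']) ? $vars['_config'] : null;
    // TODO: Why here
    // Default
    if (isset($_FILES)) {
        $_post = array_merge($vars, $_FILES);
    }
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;
    // $_post['_refer'] = $_post['refer'];
    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    $from = $to = array();
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }
    // Load $template
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">Page template (' . Utility::htmlsc($template_page) . ') not found</p>');
    }
    // implode() with a null glue is deprecated; '' is the equivalent.
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : null;
        unset($fields[$field]);
    }
    // Replace every [$field] (found inside $template) with its real value
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == null) {
            continue;
        }
        // Escape some TextFormattingRules
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } else {
            if ($letter == ',') {
                $escape[','][$linenum] = $template[$linenum];
            } else {
                // TODO: Escape "\n" except multiline-allowed fields
                $subject[$linenum] = $template[$linenum];
            }
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        // Escape for some TextFormattingRules
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);
    if (isset($vars['preview'])) {
        global $_button;
        unset($vars['preview']);
        $form[] = '<p class="alert alert-success">' . T_('It will be sent with the contents of the following.') . '</p>';
        // Note the space before enctype: without it the attribute was glued to action="...".
        $form[] = '<form action="' . Router::get_script_uri() . '" enctype="multipart/form-data" method="post" class="form-horizontal plugin-tracker-form">';
        // The submitted values are reflected back as hidden fields; they are request
        // input, so escape both the name and the value for the attribute context.
        foreach ($vars as $key => $value) {
            $form[] = '<input type="hidden" name="' . Utility::htmlsc($key) . '" value="' . Utility::htmlsc($value) . '" />';
        }
        $form[] = '<button type="submit" class="btn btn-primary" name="write" accesskey="s"><span class="fa fa-check"></span>' . $_button['update'] . '</button>';
        $form[] = '<button type="submit" class="btn btn-warning" name="cancel" accesskey="c"><span class="fa fa-ban"></span>' . $_button['cancel'] . '</button>';
        $form[] = '</form>';
        $form[] = '<hr />';
        $form[] = RendererFactory::factory($template);
        return array('msg' => 'Preview', 'body' => join("\n", $form));
    } else {
        // Write $template, without touch
        $wiki = Factory::Wiki($page);
        $wiki->set($template);
        Utility::redirect($wiki->uri());
    }
    exit;
}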
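/**
 * Inline (#adm_auth_wkgrp) plugin body: a small admin panel comparing the
 * auth-group config page with the generated auth-group file, with links to
 * view/edit/check/import and a button to regenerate the file.
 *
 * Renders nothing when the caller fails the 'role_adm' check or when
 * PLUGIN_ADM_AUTH_WKGRP_USE_WRITE_FUNC is off.
 *
 * @return string HTML
 */
function plugin_adm_auth_wkgrp_convert()
{
    global $_adm_auth_wkgrp_msg, $_LANG;
    // NOTE(review): Auth::check_role() semantics assumed to be "true when the role
    // requirement is NOT met" (as in the other plugins of this code base) — confirm.
    if (Auth::check_role('role_adm')) {
        return '';
    }
    if (!PLUGIN_ADM_AUTH_WKGRP_USE_WRITE_FUNC) {
        return '';
    }
    $config_page_name = ':config/' . CONFIG_AUTH_WKGRP;
    $script = Router::get_script_uri();
    $cmd_view = Router::get_page_uri($config_page_name);
    $cmd_edit = Router::get_cmd_uri('edit', $config_page_name);
    $cmd_guiedit = Router::get_cmd_uri('guiedit', $config_page_name);
    $cmd_check = Router::get_cmd_uri('adm_auth_wkgrp', '', '', array('pcmd' => 'check'));
    $cmd_import = Router::get_cmd_uri('adm_auth_wkgrp', '', '', array('pcmd' => 'import'));
    // A missing file is treated as "never generated" (time 0) instead of raising a warning.
    $filetime_auth_wkgrp = file_exists(PKWK_AUTH_WKGRP_FILE) ? filemtime(PKWK_AUTH_WKGRP_FILE) : 0;
    $date_auth_wkgrp = format_date($filetime_auth_wkgrp);
    if (is_page($config_page_name)) {
        $filetime_config_page = get_filetime($config_page_name);
        $date_config_page = format_date($filetime_config_page);
        // Hint that the file is stale when the config page is newer than it.
        $guide_msg = $filetime_config_page > $filetime_auth_wkgrp ? '<strong>' . $_adm_auth_wkgrp_msg['msg_gen'] . '</strong>' : '';
        $link_page = <<<EOD
[<a href="{$cmd_edit}">{$_LANG['skin']['edit']}</a>]
[<a href="{$cmd_guiedit}">{$_LANG['skin']['guiedit']}</a>]
EOD;
        $link_file = <<<EOD
<form action="{$script}" method="post" class="adm_auth_wkgrp_form">
\t<input type="hidden" name="cmd" value="adm_auth_wkgrp" />
\t<input type="hidden" name="pcmd" value="gen" />
\t<input type="submit" class="btn btn-secondary" value="{$_adm_auth_wkgrp_msg['btn_gen']}" />
\t{$guide_msg}
</form>
EOD;
    } else {
        $date_config_page = 'N/A';
        $link_page = '[<a href="' . $cmd_import . '">' . $_adm_auth_wkgrp_msg['msg_import'] . '</a>]';
        $link_file = '';
    }
    // The header cells were previously closed with </td>; they are <th> and are closed as such now.
    $rc = <<<EOD
<div class="adm_auth_wkgrp">
\t<fieldset>
\t\t<legend>{$_adm_auth_wkgrp_msg['head_title']}</legend>
\t\t<table class="table">
\t\t\t<thead>
\t\t\t\t<tr>
\t\t\t\t\t<th>
\t\t\t\t\t\t{$_adm_auth_wkgrp_msg['msg_head_page']}
\t\t\t\t\t\t(<a href="{$cmd_view}">{$_adm_auth_wkgrp_msg['msg_view']}</a>)
\t\t\t\t\t</th>
\t\t\t\t\t<th>
\t\t\t\t\t\t{$_adm_auth_wkgrp_msg['msg_head_file']}
\t\t\t\t\t\t(<a href="{$cmd_check}">{$_adm_auth_wkgrp_msg['msg_check']}</a>)
\t\t\t\t\t</th>
\t\t\t\t</tr>
\t\t\t</thead>
\t\t\t<tbody>
\t\t\t\t<tr>
\t\t\t\t\t<td>{$_adm_auth_wkgrp_msg['msg_head_update']}: {$date_config_page}</td>
\t\t\t\t\t<td>{$_adm_auth_wkgrp_msg['msg_head_gen']}: {$date_auth_wkgrp}</td>
\t\t\t\t</tr>
\t\t\t\t<tr>
\t\t\t\t\t<td>{$link_page}</td>
\t\t\t\t\t<td>{$link_file}</td>
\t\t\t\t</tr>
\t\t\t</tbody>
\t\t</table>
\t</fieldset>
</div>
EOD;
    return $rc;
}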
/**
 * Spam plugin, "pages" mode: show the scan form and, once the admin password
 * is given, stream a spam check over every existing page.
 *
 * The scan branch echoes its report progressively (flushing every $per pages)
 * and terminates with exit; the form branch returns a normal msg/body array.
 *
 * @return array  'msg' / 'body' (only reached when no valid password was posted)
 */
function plugin_spam_pages()
{
    global $vars, $post, $_msg_invalidpass, $_spam_messages;
    $ob = ob_get_level();
    $script = Router::get_script_uri();
    // Optional page name to start scanning from (NULL when the field was not posted at all).
    $start = isset($post['start']) ? $post['start'] : NULL;
    $s_start = $start === NULL ? '' : Utility::htmlsc($start);
    $pass = isset($post['pass']) ? $post['pass'] : NULL;
    $sort = isset($post['sort']);
    $s_sort = $sort ? ' checked' : '';
    // Flush the output every $per scanned pages.
    $per = 100;
    $form = <<<EOD
<form action="{$script}" method="post" class="spam_form">
\t<input type="hidden" name="cmd" value="spam" />
\t<input type="hidden" name="mode" value="pages" />
\t<fieldset>
\t\t<legend>{$_spam_messages['msg_pages']}</legend>
\t\t<label for="start">{$_spam_messages['label_start']}</label>
\t\t<input type="text" name="start" id="start" size="40" value="{$s_start}" /><br />
\t\t<input type="checkbox" name="sort" value="on" id="sort" {$s_sort} />
\t\t<label for="sort">{$_spam_messages['label_sort']}</label><br />
\t\t<label for="pass">{$_spam_messages['label_pass']}</label>
\t\t<input type="password" name="pass" id="pass" size="12" /><br />
\t\t<input type="submit" class="btn btn-primary" name="check" value="{$_spam_messages['check']}" />
\t</fieldset>
</form>
EOD;
    if ($pass !== NULL && Auth::login($pass)) {
        // Check and report
        $method = array('_comment' => '_default', 'badhost' => TRUE);
        echo $form;
        flush();
        if ($ob) {
            // NOTE(review): `@` hides ob_flush() failures; guarded by $ob, so the suppression is mostly redundant.
            @ob_flush();
        }
        $pages = Listing::exists();
        if ($sort) {
            sort($pages, SORT_STRING);
        }
        $count = $search = $hit = 0;
        foreach ($pages as $pagename) {
            ++$count;
            // Skip pages until $start is reached, then scan everything from there on.
            // NOTE(review): when $start is NULL (field not posted) this branch is entered and,
            // because `NULL == $pagename` is false for every real name, every page is skipped.
            if ($start !== '') {
                if ($start == $pagename) {
                    $start = '';
                } else {
                    continue;
                }
            }
            ++$search;
            if ($search % $per == 0) {
                flush();
                if ($ob) {
                    @ob_flush();
                }
            }
            $progress = Spam::check_uri_spam(Factory::Wiki($pagename)->get(), $method);
            if (empty($progress['is_spam'])) {
                echo Utility::htmlsc($pagename);
                echo '<br />' . "\n";
            } else {
                ++$hit;
                // NOTE(review): this <div> is never closed; only the trailing </p> is echoed after the loop.
                echo '<div style="padding: 0pt 0.7em;" class="ui-state-error ui-corner-all">' . '<p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: 0.3em;"></span>' . sprintf($_spam_messages['msg_found'], Utility::htmlsc($pagename)) . '</p>';
                echo '<p>' . "\n";
                $tmp = Spam::summarize_detail_badhost($progress);
                if ($tmp != '') {
                    echo ' DETAIL_BADHOST: ' . str_replace(' ', ' ', nl2br(htmlsc($tmp) . "\n"));
                }
            }
        }
        echo '</p>' . "\n";
        echo '<hr />' . "\n";
        echo sprintf($_spam_messages['msg_hits'], $hit, $search, $count);
        exit;
    }
    // A posted but wrong password gets the "invalid password" banner above the form.
    $body = $pass === NULL ? '' : '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
    $body .= $form;
    return array('msg' => $_spam_messages['title'] . $_spam_messages['title_pages'], 'body' => $body);
}
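/**
 * Insert the automatically generated hidden fields right after a plugin's
 * opening <form> tag.
 *
 * Only forms whose action is this script are touched. For non-GET forms the
 * fields are: the encoding hint, the client ticket, the post id (when the
 * multiple-post spam check is on and the plugin is not excluded), the
 * upload-progress session field for multipart forms, the page digest unless
 * data-collision-check="false", and — with data-collision-check-strict="true" —
 * a hidden textarea carrying the page's original source for strict collision
 * checking.
 *
 * @param string $retvar  rendered plugin output that may contain a <form>
 * @param string $plugin  name of the plugin that produced $retvar
 * @return string  $retvar with the fields inserted (unchanged when no matching form)
 */
private static function addHiddenField($retvar, $plugin)
{
    global $use_spam_check, $vars;
    // TODO: may be applied more than once to the same form
    // `=== 1` rather than `!== 0`: a failed preg_match() returns false and must not enter the branch.
    if (preg_match('/<form\\b(?:(?=(\\s+(?:method="([^"]*)"|enctype="([^"]*)")|action="([^"]*)"|data-collision-check="([^"]*)"|data-collision-check-strict="([^"]*)"|[^\\s>]+|\\s+))\\1)*>/i', $retvar, $matches) === 1) {
        // Do nothing when the action attribute points anywhere but this script.
        // (group 4 is absent from $matches when no trailing group participated)
        if (isset($matches[4]) && $matches[4] === Router::get_script_uri()) {
            // Insert a hidden field that helps identify the text encoding
            $hidden_field[] = '<!-- Additional fields START-->';
            $hidden_field[] = PKWK_ENCODING_HINT ? '<input type="hidden" name="encode_hint" value="' . PKWK_ENCODING_HINT . '" />' : null;
            // NOTE(review): the method attribute is compared case-sensitively, so method="GET" is treated as non-GET.
            if ($matches[2] !== 'get') {
                // Ticket for the client host check
                $hidden_field[] = '<input type="hidden" name="ticket" value="' . md5(Utility::getTicket() . REMOTE_ADDR) . '" />';
                // When the multiple-post check is enabled and the method is POST, generate a PostID
                if (isset($use_spam_check['multiple_post']) && $use_spam_check['multiple_post'] === 1 && preg_match(self::IGNOLE_POSTID_CHECK_PATTERN, $plugin) !== 1) {
                    // from PukioWikio
                    $hidden_field[] = '<input type="hidden" name="postid" value="' . PostId::generate($plugin) . '" />';
                }
                // For multipart forms (PHP 5.4+), add the field used by the upload progress session
                if (ini_get('session.upload_progress.enabled') && isset($matches[3]) && $matches[3] === 'multipart/form-data') {
                    $hidden_field[] = '<input type="hidden" name="' . ini_get('session.upload_progress.name') . '" value="' . PKWK_WIKI_NAMESPACE . '" class="progress_session" />';
                }
                // When a page name is present and data-collision-check is not "false", append the
                // collision-check fields. data-collision-check="false" is for plugins such as
                // pcomment.inc.php that update a different wiki page.
                // (These fields are always inserted at the top of the form, so a plugin's own
                //  field of the same name wins anyway; the check is mostly a courtesy.)
                if (isset($vars['page']) && !(isset($matches[5]) && $matches[5] === 'false')) {
                    $wiki = Factory::Wiki($vars['page']);
                    $hidden_field[] = '<input type="hidden" name="digest" value="' . $wiki->digest() . '" />';
                    // Automatic collision checker.
                    // With data-collision-check-strict="true" the original source as of form
                    // rendering is sent back too. This allows a more precise check but doubles
                    // the payload, so it should be limited to the page edit form.
                    if (isset($matches[6]) && $matches[6] === 'true' && isset($vars['page']) && !empty($vars['page'])) {
                        $hidden_field[] = '<textarea style="display:none;width:0;height:0;" name="original">' . Utility::htmlsc($wiki->get(true)) . '</textarea>';
                    }
                }
            }
            $hidden_field[] = '<!-- Additional fields END -->';
            $fields = join("\n", $hidden_field);
            // A callback is used instead of preg_replace() with "$0" because the inserted
            // content (in particular the page source in the "original" textarea) may itself
            // contain "$n" / "\n" sequences that preg_replace() would treat as back-references.
            $retvar = preg_replace_callback('/<form[^>]*>/', function ($m) use ($fields) {
                return $m[0] . "\n" . $fields;
            }, $retvar);
        }
    }
    return $retvar;
}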
/** * function plugin_backup_rollback($page, $age) */ function plugin_backup_rollback($page, $age) { global $vars; global $_backup_messages; $passvalid = isset($vars['pass']) ? Auth::login($vars['pass']) : FALSE; if ($passvalid) { $backup = Factory::Backup($page); $backups = $backup->get($age); if (empty($backups)) { return array(sprintf($_backup_messages['title_backup_rollback'], $age), 'body' => $_backup_messages['msg_nobackup']); // Do nothing } $wiki = Factory::Wiki($page); // バックアップからロールバック(タイムスタンプを更新しない状態で) $wiki->set($backups['data']); // ファイルの更新日時をバックアップの時点にする $wiki->touch($backups['time']); //put_lastmodified(); return array('msg' => $_backup_messages['title_backup_rollbacked'], 'body' => str_replace('$1', make_pagelink($page) . '(No. ' . $age . ')', $_backup_messages['msg_backup_rollbacked'])); } else { $script = Router::get_script_uri(); $s_page = htmlsc($page); $body = <<<EOD <fieldset> \t<legend>{$_backup_messages['msg_backup_adminpass']}</legend> \t<form action="{$script}" method="post" class="plugin-backup-rollback-form form-inline"> \t\t<input type="hidden" name="cmd" value="backup" /> \t\t<input type="hidden" name="action" value="rollback" /> \t\t<input type="hidden" name="age" value="{$age}" /> \t\t<input type="hidden" name="page" value="{$s_page}" /> \t\t<div class="form-group"> \t\t\t<input type="password" name="pass" size="12" class="form-control" /> \t\t</div> \t\t<input type="submit" name="ok" value="{$_backup_messages['btn_rollback']}" class="btn btn-warning" /> \t</form> </legend> EOD; return array('msg' => sprintf($_backup_messages['title_backup_rollback'], $age), 'body' => $body); } }
function get_script_uri($path = '') { return Router::get_script_uri(); }
$translator->factory(array('locale' => Lang::$language_prepared, 'cache' => $cache['core'])); T_setlocale(LC_ALL, PO_LANG); T_bindtextdomain(DOMAIN, LANG_DIR); T_textdomain(DOMAIN); ///////////////////////////////////////////////// // リソースファイルの読み込み require LIB_DIR . 'resource.php'; // Init encoding hint define('PKWK_ENCODING_HINT', isset($_LANG['encode_hint']) && $_LANG['encode_hint'] !== 'encode_hint' ? $_LANG['encode_hint'] : 'ぷ'); ///////////////////////////////////////////////// // INI_FILE: Init $script if (isset($script)) { Router::get_script_uri($script); // Init manually } else { $script = Router::get_script_uri(); // Init automatically } ///////////////////////////////////////////////// // ディレクトリのチェック $die = array(); foreach (array('DATA_DIR', 'DIFF_DIR', 'BACKUP_DIR', 'CACHE_DIR') as $d) { $dir = constant($d); if (!is_dir($dir)) { mkdir($dir); chmod($dir, 0755); } if (!is_writable($dir)) { $die[] = sprintf($_string['not_writable'], $dir); } }