function plugin_pcomment_action()
{
    global $vars, $_string;

    // Read-only deployments refuse every post (role check replaces the
    // former PKWK_READONLY constant test).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'));
    }

    // Nothing was posted: hand an empty result back to the dispatcher.
    if (empty($vars['msg'])) {
        return array();
    }

    // Spam heuristics on the message body; a hit is handed to
    // Utility::dump() and the request is answered with an empty result.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => '');
    }

    $target = '';
    if (isset($vars['refer'])) {
        $target = $vars['refer'];
    }
    // Commenting on a page that does not exist yet creates it, so it needs
    // the page-creation right.
    if (!is_page($target) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'));
    }

    $result = plugin_pcomment_insert();
    if ($result['collided']) {
        // On a collision the insert helper's output is rendered in the
        // context of the referring page instead of redirecting.
        $vars['page'] = $target;
        return $result;
    }

    // Jump back to the referring page, anchored at the comment being
    // replied to when the form supplied a reply id.
    $anchor = '';
    if (isset($vars['reply'])) {
        $anchor = '#pcmt' . Utility::htmlsc($vars['reply']);
    }
    Utility::redirect(get_page_location_uri($target) . $anchor);
}
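function plugin_pcomment_action()
{
    global $post, $vars;

    // Read-only deployments refuse every post.
    if (auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits editing');
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check): the browser
    // must echo the encoding hint the form was rendered with. Compared as
    // strings with === so PHP's loose numeric-string coercion cannot make
    // two different hints compare equal; a missing hint passes only when
    // the site does not use one.
    if (isset($post['encode_hint'])) {
        $ticket_ok = is_string($post['encode_hint'])
            && $post['encode_hint'] === (string) PKWK_ENCODING_HINT;
    } else {
        $ticket_ok = ((string) PKWK_ENCODING_HINT === '');
    }
    if (!$ticket_ok) {
        honeypot_write();
        return array('msg' => '', 'body' => '');
    }

    // Nothing posted: empty result for the dispatcher.
    if (!isset($vars['msg']) || $vars['msg'] === '') {
        return array();
    }

    // Validate the message body against the spam heuristics.
    if (is_spampost(array('msg'))) {
        honeypot_write();
        return array('msg' => '', 'body' => '');
    }

    // Commenting on a page that does not exist yet creates it, so it needs
    // the page-creation right.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    if (!is_page($refer) && auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $retval = plugin_pcomment_insert();
    if ($retval['collided']) {
        // Collision: render the insert helper's result on the referring page.
        $vars['page'] = $refer;
        return $retval;
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($refer));
    exit;
}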
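function plugin_tracker_action()
{
    global $post, $vars, $now;

    // Read-only deployments and users without the page-creation right are
    // refused before anything is read from the request.
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $base        = isset($post['_base'])        ? $post['_base']        : '';
    $refer       = isset($post['_refer'])       ? $post['_refer']       : '';
    $config      = isset($post['_config'])      ? $post['_config']      : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';
    $name        = isset($post['_name'])        ? $post['_name']        : '';

    // Decide the name of the page to add: an explicit _page wins, otherwise
    // _name (when it is a valid page name) or a running number under $base.
    $num = 0;
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Never overwrite an existing page: bump the number until one is free.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // Session-backed ticket. The comparison against $_SESSION['tracker']
        // is still commented out, so this branch only logs: while it stays
        // disabled, session-capable clients get neither the ticket check nor
        // the is_spampost() check of the else-branch.
        // NOTE(review): the original read an undefined $config_name here;
        // $config (the posted form config name) is assumed to be the value
        // the ticket was derived from -- confirm against the form renderer.
        // The error_log() calls are debug output and write the ticket hash
        // to the error log.
        $s_tracker = md5(get_ticket() . $config);
        $session_tracker = isset($_SESSION['tracker']) ? $_SESSION['tracker'] : '';
        error_log("\$s_tracker: " . $s_tracker);
        error_log("\$_SESSION['tracker']: " . $session_tracker);
        //		if ($_SESSION['tracker'] != $s_tracker) {
        //			$spam = TRUE;
        //		}
    } else {
        // Encoding-hint ticket: the posted hint must equal the site's, and a
        // missing hint is acceptable only when the site does not use one.
        // Compared strictly as strings to avoid loose numeric coercion.
        $posted_hint = (isset($post['encode_hint']) && is_string($post['encode_hint']))
            ? $post['encode_hint'] : '';
        if ($posted_hint !== '') {
            if ((string) PKWK_ENCODING_HINT !== $posted_hint) {
                $spam = TRUE;
            }
        } elseif ((string) PKWK_ENCODING_HINT !== '') {
            $spam = TRUE;
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // Values the template fields are filled from: the post plus uploaded
    // files, with the computed bookkeeping fields on top.
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;

    // Create an empty page before attaching files (see BugTrack/662).
    pkwk_touch_file(get_filename($page));

    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }

    // Load the page template the new page is generated from.
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found');
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // Build the "[field]" -> formatted value substitution lists.
    $from = $to = array();
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
    }

    // Sort template lines into plain lines and lines whose first letter
    // starts a TextFormattingRule ('|' / ':' tables, ',' CSV) -- those get
    // escaped values.
    $subject = $escape = array();
    foreach ($template as $linenum => $line) {
        if (trim($line) == '') {
            continue;
        }
        $letter = $line[0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $line;
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $line;
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $line;
        }
    }
    // Replace every [field] found inside $template with the real values.
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    foreach ($escape as $hint => $lines) {
        $to_e = plugin_tracker_escape($to, $hint);
        foreach (str_replace($from, $to_e, $lines) as $linenum => $line) {
            $template[$linenum] = $line;
        }
    }

    // Write $template, without touch.
    page_write($page, join('', $template));

    // Optional proxy page that merely includes the new page. Its name is
    // taken verbatim from the post field named by _createProxy.
    // NOTE(review): unlike $page, the proxy name is not passed through
    // is_pagename() here; whether page_write() validates it is not visible
    // from this function -- confirm before relying on it.
    if ($createProxy && is_string($createProxy)) {
        $proxyPage = isset($_post[$createProxy]) ? $_post[$createProxy] : '';
        if ($proxyPage) {
            page_write($proxyPage, '#include(' . $page . ',notitle)');
        }
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}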
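function plugin_approve_action()
{
    global $vars, $post;

    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // Session-backed ticket: it is only logged, never compared, so this
        // branch performs no check at all. The error_log() calls are debug
        // output and write the ticket hash to the error log.
        $s_tracker = md5(get_ticket() . 'Approve');
        $session_tracker = isset($_SESSION['tracker']) ? $_SESSION['tracker'] : '';
        error_log("\$s_tracker: " . $s_tracker);
        error_log("\$_SESSION['tracker']: " . $session_tracker);
    } else {
        // Encoding-hint ticket, compared strictly as strings: the posted
        // hint must equal the site's; a missing hint passes only when the
        // site does not use one.
        $posted_hint = (isset($post['encode_hint']) && is_string($post['encode_hint']))
            ? $post['encode_hint'] : '';
        if ($posted_hint !== '') {
            error_log("\$post['encode_hint']: " . $posted_hint);
            if ((string) PKWK_ENCODING_HINT !== $posted_hint) {
                $spam = TRUE;
            }
        } else {
            error_log("PKWK_ENCODING_HINT: " . PKWK_ENCODING_HINT);
            if ((string) PKWK_ENCODING_HINT !== '') {
                $spam = TRUE;
            }
        }
        // Evaluated once; the original ran the check twice (log + test).
        $spampost = is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT);
        error_log("is_spampost: " . $spampost);
        if ($spampost) {
            $spam = TRUE;
        }
    }
    error_log("isSpam: " . $spam);
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // Every early exit answers the dispatcher with the same array shape
    // (the original returned bare strings for the first two cases).
    $name = isset($post['name']) ? $post['name'] : '';
    $page = isset($post['_page']) ? $post['_page'] : '';
    if ($name == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty name.</p>');
    }
    if ($page == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page.</p>');
    }
    // $name comes from the request and is spliced into a filesystem path
    // below, so refuse anything that could step outside the config root.
    if (!is_string($name) || strpos($name, '..') !== FALSE || strpos($name, "\0") !== FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): invalid name.</p>');
    }

    $config_path = PLUGIN_APPROVE_CONFIG_ROOT . $name;
    $config = new YamlConfig($config_path);
    if (!$config->read()) {
        // Request-derived values are HTML-escaped before being echoed.
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load config. "' . htmlspecialchars($config_path) . '"</p>');
    }
    $pattern = $config[PLUGIN_APPROVE_KEY_PATTERN];
    $replace = $config[PLUGIN_APPROVE_KEY_REPLACE];
    $page_regex = $config[PLUGIN_APPROVE_KEY_PAGE_REGEX];
    if ($pattern == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty pattern.</p>');
    }
    if ($page_regex == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page_regex.</p>');
    }
    if (!preg_match($page_regex, $page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): page not match.</p>');
    }

    // Freeze check on the target page itself: the original consulted only
    // $vars['page'] (the current page), not the page rewritten below. The
    // current page is still honoured when it is known.
    $current_frozen = isset($vars['page']) && is_freeze($vars['page']);
    if (PKWK_READONLY > 0 || $current_frozen || is_freeze($page) || !plugin_approve_is_edit_authed($page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): prohibit editing. "' . htmlspecialchars($page) . '"</p>');
    }

    $source = get_source($page, TRUE, TRUE);
    if ($source === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load page. "' . htmlspecialchars($page) . '"</p>');
    }
    if (strpos($source, $pattern) === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): pattern not match.</p>');
    }

    // Approve: replace the configured marker and save.
    page_write($page, str_replace($pattern, $replace, $source));
    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}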
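function plugin_commentx_write()
{
    global $script, $vars, $now;
    global $_no_name;

    $_title_updated = _("\$1 was updated");
    $_title_comment_collided = _("On updating  \$1, a collision has occurred.");
    $_msg_comment_collided = _("It seems that someone has already updated the page you were editing.<br />") . _("The comment was added, alhough it may be inserted in the wrong position.<br />");

    // Nothing posted, or the message hits the NG-word pattern: do nothing.
    if (!isset($vars['msg'])) {
        return array('msg' => '', 'body' => '');
    }
    if (preg_match(PLUGIN_COMMENTX_NGWORD, $vars['msg'])) {
        return array('msg' => '', 'body' => '');
    }
    // Validate against the spam heuristics.
    if (is_spampost(array('msg'))) {
        return plugin_commentx_honeypot();
    }

    // Cut trailing whitespace (last LF included).
    $vars['msg'] = preg_replace('/\\s+$/', "", $vars['msg']);
    if (PLUGIN_COMMENTX_LINE_BREAK) {
        // Convert linebreaks into pukiwiki's linebreaks &br;
        $vars['msg'] = str_replace("\n", "&br;\n", $vars['msg']);
    } else {
        // Replace empty lines into #br
        $vars['msg'] = preg_replace('/^\\s*\\n/m', "#br\n", $vars['msg']);
    }

    // A leading "-" or "--" selects the list level of the new comment.
    $head = '';
    $match = array();
    if (preg_match('/^(-{1,2})-*\\s*(.*)/', $vars['msg'], $match)) {
        $head = $match[1];
        $vars['msg'] = $match[2];
    }
    if ($vars['msg'] == '') {
        return array('msg' => '', 'body' => '');
    }

    // Format the comment line from the configured templates.
    $comment = str_replace('$msg', $vars['msg'], PLUGIN_COMMENTX_FORMAT_MSG);
    list($nick, $vars['name'], $disabled) = plugin_commentx_get_nick();
    $nodate = isset($vars['nodate']) && $vars['nodate'] == '1';
    if (isset($vars['name']) || !$nodate) {
        $_name = (!isset($vars['name']) || $vars['name'] == '') ? $_no_name : $vars['name'];
        $_name = ($_name == '') ? '' : str_replace('$name', $_name, PLUGIN_COMMENTX_FORMAT_NAME);
        $_now = $nodate ? '' : str_replace('$now', $now, PLUGIN_COMMENTX_FORMAT_NOW);
        $comment = str_replace("MSG", $comment, PLUGIN_COMMENTX_FORMAT_STRING);
        $comment = str_replace("NAME", $_name, $comment);
        $comment = str_replace("NOW", $_now, $comment);
    }
    $comment = '-' . $head . ' ' . $comment;

    // Insert the comment at the comment_no-th #commentx line of the
    // referring page, above or below the plugin line.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    $lines = get_source($refer);
    if (!is_array($lines)) {
        $lines = array();
    }
    $target_no = isset($vars['comment_no']) ? (int) $vars['comment_no'] : 0;
    $above = isset($vars['above']) && $vars['above'] == '1';
    $postdata = '';
    $comment_no = 0;
    foreach ($lines as $line) {
        if (!$above) {
            $postdata .= $line;
        }
        if (preg_match('/^#commentx/i', $line) && $comment_no++ === $target_no) {
            if ($above) {
                // Insert one blank line above #commentx, to avoid indentation
                $postdata = rtrim($postdata) . "\n" . $comment . "\n" . "\n";
            } else {
                // Insert one blank line below #commentx
                $postdata = rtrim($postdata) . "\n" . $comment . "\n";
            }
        }
        if ($above) {
            $postdata .= $line;
        }
    }

    // Collision detection: the digest the form was rendered with must match
    // the page as it is now. The comment is written either way; only the
    // reported title/body differ.
    $digest = isset($vars['digest']) ? $vars['digest'] : '';
    $title = $_title_updated;
    $body = '';
    if (md5(join('', $lines)) != $digest) {
        $title = $_title_comment_collided;
        $body = $_msg_comment_collided . make_pagelink($refer);
    }
    page_write($refer, $postdata);

    $retvars = array('msg' => $title, 'body' => $body);
    if (!empty($vars['refpage'])) {
        // Redirect stays within this script; only the page name is encoded.
        header("Location: {$script}?" . rawurlencode($vars['refpage']));
        exit;
    }
    $vars['page'] = $refer;
    return $retvars;
}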
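function plugin_edit_write()
{
    global $vars, $trackback, $_string, $_msg_edit;
    global $notimeupdate;

    $page = isset($vars['page']) ? $vars['page'] : null;
    $add = isset($vars['add']) ? $vars['add'] : null;
    $partid = isset($vars['id']) ? $vars['id'] : null;
    // Checkbox 'Do not change timestamp' (isset() already excludes null).
    $notimestamp = isset($vars['notimestamp']);

    if (empty($page)) {
        // The key was misspelt 'mgs' before, so the dispatcher never saw
        // the error title.
        return array('msg' => 'Error', 'body' => $_msg_edit['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);

    // Ticket check: a 'notimestamp' request against a page that fails
    // validation is treated as a bot.
    if ($notimestamp && !$wiki->isValied()) {
        return plugin_edit_honeypot();
    }
    // Validate the body against the spam heuristics.
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }

    // Paragraph edit mode: splice the edited part back into the original;
    // when the part no longer exists, append the edit at the end instead.
    if ($partid) {
        $original = isset($vars['original']) ? $vars['original'] : '';
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_edit_parts($partid, $source, $vars['msg']) !== FALSE) {
            $vars['msg'] = join('', $source);
        } else {
            $vars['msg'] = rtrim($original) . "\n\n" . $vars['msg'];
        }
    }

    $retvars = array();
    if (!empty($vars['msg'])) {
        // Delete "#freeze" command for form edit.
        $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $vars['msg']);
        $msg = $vars['msg'];
        if ($add) {
            // Compat: add plugin and adding contents.
            // NOTE(review): $oldpagesrc is never assigned in this function
            // (nor declared global), so the add path concatenates with an
            // undefined value; the current page source has to be fetched
            // here -- confirm which Wiki accessor provides it before fixing.
            $postdata = (isset($vars['add_top']) && $vars['add_top'])
                ? $msg . "\n\n" . $oldpagesrc
                : $oldpagesrc . "\n\n" . $msg;
        } else {
            // Edit or Remove
            $postdata = $msg;
        }
    } else {
        // With CAPTCHA enabled, a page deletion arrives with an empty msg.
        $wiki->set('');
        $title = sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page));
        $retvars['msg'] = $title;
        $retvars['body'] = '<p class="alert alert-success">' . $title . '</p>';
        return $retvars;
    }

    // $notimeupdate: Checkbox 'Do not change timestamp'. Reserved for
    // contents admins; a wrong password re-renders the edit form.
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    if ($notimeupdate > 1 && $notimestamp && Auth::check_role('role_contents_admin') && !pkwk_login($pass)) {
        $retvars['body'] = '<p class="alert alert-danger">' . $_msg_edit['msg_invalidpass'] . '</p>' . "\n";
        $retvars['body'] .= Utility::editForm($page, $msg, FALSE);
        return $retvars;
    }
    $wiki->set($postdata, $notimeupdate !== 0 && $notimestamp);

    // Where to go afterwards: the referring page if given, else the page
    // itself, anchored at the edited part in paragraph mode.
    $target = (isset($vars['refpage']) && $vars['refpage'] !== '')
        ? Factory::Wiki($vars['refpage'])
        : $wiki;
    $url = $partid ? $target->uri('read', null, rawurlencode($partid)) : $target->uri();

    if (isset($vars['ajax'])) {
        $headers = Header::getHeaders('application/json');
        Header::writeResponse($headers, 200, Json::encode(array('msg' => 'Your post has been saved.', 'posted' => true, 'taketime' => Time::getTakeTime())));
    } else {
        Utility::redirect($url);
    }
    exit;
}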
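function plugin_edit_write()
{
    global $post, $vars, $trackback;
    global $notimeupdate, $do_update_diff_table;
    global $use_trans_sid_address;

    $_title_deleted = _(' $1 was deleted');
    $_msg_invalidpass = _('Invalid password.');

    $page = isset($vars['page']) ? $vars['page'] : '';
    $add = isset($vars['add']) ? $vars['add'] : '';
    $digest = isset($vars['digest']) ? $vars['digest'] : '';
    $partid = isset($vars['id']) ? $vars['id'] : '';
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';

    // Check Validate and Ticket: 'notimestamp' on a non-existent page is
    // treated as a bot.
    if ($notimestamp && !is_page($page)) {
        return plugin_edit_honeypot();
    }
    // SPAM Check (Client(Browser)-Server Ticket Check): the posted hint
    // must equal the site's; a missing hint passes only when the site has
    // none. Compared strictly as strings so numeric-looking hints cannot be
    // coerced equal.
    if (isset($post['encode_hint'])) {
        if (!is_string($post['encode_hint']) || $post['encode_hint'] !== (string) PKWK_ENCODING_HINT) {
            return plugin_edit_honeypot();
        }
    } elseif ((string) PKWK_ENCODING_HINT !== '') {
        return plugin_edit_honeypot();
    }
    // Validate the body against the spam heuristics.
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }

    // Paragraph edit mode: splice the edited part back into the original;
    // when the part no longer exists, append the edit at the end instead.
    if ($partid) {
        $original = isset($vars['original']) ? $vars['original'] : '';
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_edit_parts($partid, $source, $vars['msg']) !== FALSE) {
            $vars['msg'] = join('', $source);
        } else {
            $vars['msg'] = rtrim($original) . "\n\n" . $vars['msg'];
        }
    }
    // Delete "#freeze" command for form edit.
    $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $vars['msg']);
    $msg =& $vars['msg'];
    // Reference
    $retvars = array();

    // Collision Detection: the digest the form was rendered with must match
    // the page as it is now; otherwise merge and re-render the form.
    $oldpagesrc = get_source($page, TRUE, TRUE);
    $oldpagemd5 = md5($oldpagesrc);
    if ($digest != $oldpagemd5) {
        $vars['digest'] = $oldpagemd5;
        // Reset
        $original = isset($vars['original']) ? $vars['original'] : '';
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $msg, $original);
        $_msg_collided_auto = _('It seems that someone has already updated this page while you were editing it.<br />') . _('The collision has been corrected automatically, but there may still be some problems with the page.<br />') . _('To confirm the changes to the page, press [Update].<br />');
        $_msg_collided = _('It seems that someone has already updated this page while you were editing it.<br />') . _(' + is placed at the beginning of a line that was newly added.<br />') . _(' ! is placed at the beginning of a line that has possibly been updated.<br />') . _(' Edit those lines, and submit again.');
        $retvars['msg'] = _('On updating  $1, a collision has occurred.');
        $retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        unset($vars['id']);
        // Change edit all-text of pages(from para-edit)
        $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    // Action?
    if ($add) {
        // Add: prepend or append to the current source. No '@' suppression:
        // a missing page simply contributes an empty string.
        $current = get_source($page);
        $current = is_array($current) ? join('', $current) : '';
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $msg . "\n\n" . $current;
        } else {
            $postdata = $current . "\n\n" . $msg;
        }
    } else {
        // Edit or Remove
        $postdata =& $msg;
        // Reference
    }

    // NULL POSTING, OR removing existing page
    if ($postdata == '') {
        page_write($page, $postdata);
        $retvars['msg'] = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    // $notimeupdate: Checkbox 'Do not change timestamp'. Reserved for
    // contents admins; a wrong password re-renders the edit form.
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    if ($notimeupdate > 1 && $notimestamp && auth::check_role('role_adm_contents') && !pkwk_login($pass)) {
        $retvars['body'] = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimestamp);
    pkwk_headers_sent();
    // Redirect to the referring page if given, else to the page itself,
    // anchored at the edited part in paragraph mode.
    $target = (isset($vars['refpage']) && $vars['refpage'] != '') ? $vars['refpage'] : $page;
    if ($partid) {
        header('Location: ' . get_page_location_uri($target, '', rawurlencode($partid)));
    } else {
        header('Location: ' . get_page_location_uri($target));
    }
    exit;
}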