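/**
 * Action handler for the pcomment plugin (a posted comment).
 *
 * Order of checks: read-only role, empty post, spam post, then whether the
 * target page ($vars['refer']) exists or the role may create it. Delegates
 * the actual insertion to plugin_pcomment_insert() and redirects back to the
 * referring page afterwards.
 *
 * @return array  'msg'/'body' pair for a rejected post or a collision;
 *                on success Utility::redirect() is called and this does not return.
 */
function plugin_pcomment_action()
{
    global $vars, $_string;

    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'));
    }

    // Nothing was posted. (empty() also discards the literal comment "0"; kept as before.)
    if (!isset($vars['msg']) || empty($vars['msg'])) {
        return array();
    }

    // Spam: record the request and pretend nothing happened.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => ''); // Do nothing
    }

    $refer = isset($vars['refer']) ? $vars['refer'] : '';

    // Commenting on a page that does not exist yet creates it, so the
    // PKWK_CREATE_PAGE restriction applies in that case.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'));
    }

    $retval = plugin_pcomment_insert();
    if ($retval['collided']) {
        $vars['page'] = $refer;
        return $retval;
    }

    // The fragment is appended to a Location header, i.e. a URL context, so it is
    // URL-encoded here. The previous code HTML-escaped it (Utility::htmlsc), which is
    // the wrong encoder for a URL; for purely numeric reply ids both give the same result.
    $hash = '';
    if (isset($vars['reply']) && is_scalar($vars['reply'])) {
        $hash = '#pcmt' . rawurlencode((string) $vars['reply']);
    }
    Utility::redirect(get_page_location_uri($refer) . $hash);
}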
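/**
 * Action handler for the pcomment plugin (legacy variant using die_message()).
 *
 * Rejects read-only roles, then runs the "petit SPAM" client/server ticket
 * check on $post['encode_hint'], drops empty and spam posts, enforces
 * PKWK_CREATE_PAGE for not-yet-existing target pages, inserts the comment
 * via plugin_pcomment_insert() and redirects to the referring page.
 *
 * @return array  'msg'/'body' pair for a rejected post or a collision;
 *                on success a Location header is sent and the script exits.
 */
function plugin_pcomment_action()
{
    global $post, $vars;

    // Both prohibit messages now go through _() (the second one already did).
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check).
    // An absent encode_hint is only acceptable when the site has no hint configured.
    // Strict string comparison: "==" would treat two different numeric-looking
    // strings (e.g. "0e1" and "0e2") as equal.
    $site_hint = (string) PKWK_ENCODING_HINT;
    $hint      = isset($post['encode_hint']) ? $post['encode_hint'] : null;
    if ($hint === null) {
        $ticket_ok = ($site_hint === '');
    } else {
        $ticket_ok = is_string($hint) && $hint === $site_hint;
    }
    if (!$ticket_ok) {
        honeypot_write();
        return array('msg' => '', 'body' => ''); // Do nothing
    }

    if (!isset($vars['msg']) || $vars['msg'] == '') {
        return array();
    }

    // Validate
    if (is_spampost(array('msg'))) {
        honeypot_write();
        return array('msg' => '', 'body' => ''); // Do nothing
    }

    $refer = isset($vars['refer']) ? $vars['refer'] : '';

    // A comment on a non-existing page creates that page.
    if (!is_page($refer) && auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $retval = plugin_pcomment_insert();
    if ($retval['collided']) {
        $vars['page'] = $refer;
        return $retval;
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($refer));
    exit;
}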
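/**
 * Action handler for the tracker plugin: creates a new page from a tracker
 * form submission, filling the template of the configured tracker.
 *
 * Flow: role checks; choose a page name that does not collide with an
 * existing page; spam checks; touch the page so uploads have a target;
 * load the Tracker_form configuration and template; substitute every
 * [field] in the template; write the page; optionally write a proxy page
 * that #include()s it; redirect to the new page.
 *
 * Changes from the previous version:
 *  - is_spampost() now runs whether or not a session is available (before,
 *    the session branch performed no spam check at all; its ticket comparison
 *    was commented out and referenced the undefined $config_name).
 *  - The error_log() calls that dumped the ticket hash and session state were removed.
 *  - The proxy page name, which comes straight from a POST field chosen by the
 *    client, is now validated with is_pagename() and is not written over a frozen page.
 *  - "$x =& new Tracker_form()" (a parse error on PHP 7+) became "$x = new ...".
 *
 * @return array  'msg'/'body' pair on rejection or error; on success a
 *                Location header is sent and the script exits.
 */
function plugin_tracker_action()
{
    global $post, $vars, $now;

    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $base        = isset($post['_base'])        ? $post['_base']        : '';
    $refer       = isset($post['_refer'])       ? $post['_refer']       : '';
    $config      = isset($post['_config'])      ? $post['_config']      : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';
    $name        = isset($post['_name'])        ? $post['_name']        : '';

    // Decide the name of the page to create.
    $num = 0;
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Never overwrite an existing page: append a counter until the name is free.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // TODO(review): the session-ticket comparison (md5(get_ticket() . <config>)
        // against $_SESSION['tracker']) was never enabled; confirm what the form
        // stores in the session before adding it here.
    } else {
        $hint = isset($post['encode_hint']) ? $post['encode_hint'] : '';
        if ($hint != '') {
            if (PKWK_ENCODING_HINT != $hint) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
    }
    // Content-based check, independent of the session availability.
    if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
        $spam = TRUE;
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // Field values: POST fields plus uploaded files, plus the reserved fields.
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;

    // Create an empty page before attaching files (see BugTrack/662).
    pkwk_touch_file(get_filename($page));

    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }

    // Load the template page of this tracker configuration.
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template      = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array(
            'msg'  => 'Cannot write',
            'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found',
        );
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // [field] placeholders and their formatted values.
    $from = $to = array();
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[]   = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
        unset($fields[$field]);
    }

    // Split template lines by the text-formatting rule they start with: table
    // rows ('|', ':') and CSV rows (',') need their values escaped differently.
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == '') {
            continue;
        }
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    foreach ($escape as $hint => $lines) {
        $to_e = plugin_tracker_escape($to, $hint);
        foreach (str_replace($from, $to_e, $lines) as $linenum => $line) {
            $template[$linenum] = $line;
        }
    }
    unset($from, $to, $to_e);

    // Write the filled template (the page was already touched above).
    page_write($page, join('', $template));

    // Optional proxy page: $createProxy names the POST field holding the proxy page
    // name. That name is client-controlled, so it must be a valid page name, and a
    // frozen page is never overwritten. (An existing, non-frozen proxy page is still
    // rewritten, as before — TODO(review): confirm that is intended.)
    if ($createProxy) {
        $proxyPage = isset($_post[$createProxy]) ? $_post[$createProxy] : '';
        if ($proxyPage && is_string($proxyPage) && is_pagename($proxyPage) && !is_freeze($proxyPage)) {
            page_write($proxyPage, '#include(' . $page . ',notitle)');
        }
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}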
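/**
 * Action handler for the approve plugin: replaces a configured pattern with a
 * configured replacement in a page, i.e. "approves" the page.
 *
 * The configuration is read from PLUGIN_APPROVE_CONFIG_ROOT . $post['name']
 * and supplies the pattern, the replacement and a regex the page name must
 * match.
 *
 * Changes from the previous version:
 *  - $post['name'] is used as a file name, so anything that is not a plain
 *    base name (path separators, "..", NUL) is refused (directory traversal).
 *  - The freeze check is performed on the page being written ($page, from
 *    $post['_page']); it previously checked $vars['page'], which is a different,
 *    client-chosen value, so a frozen page could be rewritten.
 *  - $config_path and $page are HTML-escaped in error bodies (reflected XSS).
 *  - is_spampost() runs regardless of session availability; the session branch
 *    previously only wrote debug output to error_log.
 *  - The "empty name/page" early returns now return the 'msg'/'body' array
 *    like every other path (they returned a bare string).
 *
 * @return array  'msg'/'body' pair on rejection or error; on success a
 *                Location header is sent and the script exits.
 */
function plugin_approve_action()
{
    global $post;

    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // TODO(review): no session-ticket comparison is implemented; the previous
        // code only computed md5(get_ticket() . 'Approve') and logged it.
    } else {
        $hint = isset($post['encode_hint']) ? $post['encode_hint'] : '';
        if ($hint != '') {
            if (PKWK_ENCODING_HINT != $hint) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
    }
    if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
        $spam = TRUE;
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    $name = isset($post['name'])  ? $post['name']  : '';
    $page = isset($post['_page']) ? $post['_page'] : '';
    if (!is_string($name) || $name === '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty name.</p>');
    }
    if (!is_string($page) || $page === '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page.</p>');
    }

    // $name selects a file below PLUGIN_APPROVE_CONFIG_ROOT: allow only a plain base name.
    if (basename($name) !== $name || $name === '.' || $name === '..' || strpos($name, "\0") !== FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): invalid name.</p>');
    }

    $config_path = PLUGIN_APPROVE_CONFIG_ROOT . $name;
    $config = new YamlConfig($config_path);
    if (!$config->read()) {
        return array(
            'msg'  => 'Approve',
            'body' => '<p>approve(): failed to load config. "' . htmlspecialchars($config_path) . '"</p>',
        );
    }

    $pattern    = $config[PLUGIN_APPROVE_KEY_PATTERN];
    $replace    = $config[PLUGIN_APPROVE_KEY_REPLACE];
    $page_regex = $config[PLUGIN_APPROVE_KEY_PAGE_REGEX];
    if ($pattern == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty pattern.</p>');
    }
    if ($page_regex == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page_regex.</p>');
    }
    if (!preg_match($page_regex, $page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): page not match.</p>');
    }

    // Write permission on the page that is actually modified.
    if (PKWK_READONLY > 0 || is_freeze($page) || !plugin_approve_is_edit_authed($page)) {
        return array(
            'msg'  => 'Approve',
            'body' => '<p>approve(): prohibit editing. "' . htmlspecialchars($page) . '"</p>',
        );
    }

    $source = get_source($page, TRUE, TRUE);
    if ($source === FALSE) {
        return array(
            'msg'  => 'Approve',
            'body' => '<p>approve(): failed to load page. "' . htmlspecialchars($page) . '"</p>',
        );
    }
    if (strpos($source, $pattern) === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): pattern not match.</p>');
    }

    page_write($page, str_replace($pattern, $replace, $source));

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}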
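/**
 * Writes a posted comment into the page given by $vars['refer'], after the
 * Nth "#commentx" line (N = $vars['comment_no']), either below it or, with
 * $vars['above'] == '1', above it.
 *
 * Rejects posts matching PLUGIN_COMMENTX_NGWORD and spam posts, normalises
 * line breaks in the message, formats it with the PLUGIN_COMMENTX_FORMAT_*
 * templates, and reports a collision when the page digest no longer matches
 * $vars['digest'].
 *
 * Changes from the previous version: every optional request field
 * (refer, nodate, comment_no, digest, refpage) is read with isset() instead of
 * triggering undefined-index notices, and nothing is written when the
 * referring page does not exist (the insertion only happens at a "#commentx"
 * line of the existing source, so there was nothing to write but an empty page).
 *
 * @return array 'msg'/'body' pair; when $vars['refpage'] is set a Location
 *               header is sent instead and the script exits.
 */
function plugin_commentx_write()
{
    global $script, $vars, $now;
    global $_no_name;

    $_title_updated          = _("\$1 was updated");
    $_title_comment_collided = _("On updating \$1, a collision has occurred.");
    $_msg_comment_collided   = _("It seems that someone has already updated the page you were editing.<br />")
                             . _("The comment was added, alhough it may be inserted in the wrong position.<br />");

    if (!isset($vars['msg'])) {
        return array('msg' => '', 'body' => ''); // Do nothing
    }
    if (preg_match(PLUGIN_COMMENTX_NGWORD, $vars['msg'])) {
        return array('msg' => '', 'body' => '');
    }
    // Validate
    if (is_spampost(array('msg'))) {
        return plugin_commentx_honeypot();
    }

    $refer     = isset($vars['refer'])      ? $vars['refer']      : '';
    $target_no = isset($vars['comment_no']) ? $vars['comment_no'] : null;
    $digest    = isset($vars['digest'])     ? $vars['digest']     : '';
    $refpage   = isset($vars['refpage'])    ? $vars['refpage']    : '';
    $nodate    = isset($vars['nodate'])     && $vars['nodate'] == '1';
    $above     = isset($vars['above'])      && $vars['above'] == '1';

    if ($refer == '' || !is_page($refer)) {
        return array('msg' => '', 'body' => ''); // Nowhere to insert the comment
    }

    // Cut trailing whitespace, then normalise line breaks.
    $vars['msg'] = preg_replace('/\\s+$/', "", $vars['msg']);
    if (PLUGIN_COMMENTX_LINE_BREAK) {
        // Convert linebreaks into pukiwiki's linebreaks &br;
        $vars['msg'] = str_replace("\n", "&br;\n", $vars['msg']);
    } else {
        // Replace empty lines into #br
        $vars['msg'] = preg_replace('/^\\s*\\n/m', "#br\n", $vars['msg']);
    }

    // A leading "-" or "--" selects the list level of the comment.
    $head  = '';
    $match = array();
    if (preg_match('/^(-{1,2})-*\\s*(.*)/', $vars['msg'], $match)) {
        $head        = $match[1];
        $vars['msg'] = $match[2];
    }
    if ($vars['msg'] == '') {
        return array('msg' => '', 'body' => ''); // Do nothing
    }

    $comment = str_replace('$msg', $vars['msg'], PLUGIN_COMMENTX_FORMAT_MSG);
    list($nick, $vars['name'], $disabled) = plugin_commentx_get_nick();
    if (isset($vars['name']) || !$nodate) {
        $_name = (!isset($vars['name']) || $vars['name'] == '') ? $_no_name : $vars['name'];
        $_name = ($_name == '') ? '' : str_replace('$name', $_name, PLUGIN_COMMENTX_FORMAT_NAME);
        $_now  = $nodate ? '' : str_replace('$now', $now, PLUGIN_COMMENTX_FORMAT_NOW);
        $comment = str_replace("MSG", $comment, PLUGIN_COMMENTX_FORMAT_STRING);
        $comment = str_replace("NAME", $_name, $comment);
        $comment = str_replace("NOW", $_now, $comment);
    }
    $comment = '-' . $head . ' ' . $comment;

    // Rebuild the page, inserting the comment at the selected #commentx line.
    $postdata = '';
    $seen     = 0;
    foreach (get_source($refer) as $line) {
        if (!$above) {
            $postdata .= $line;
        }
        if (preg_match('/^#commentx/i', $line) && $seen++ == $target_no) {
            if ($above) {
                // One blank line above #commentx, to avoid indentation
                $postdata = rtrim($postdata) . "\n" . $comment . "\n" . "\n";
            } else {
                // One blank line below #commentx
                $postdata = rtrim($postdata) . "\n" . $comment . "\n";
            }
        }
        if ($above) {
            $postdata .= $line;
        }
    }

    // Collision: the page changed since the form was rendered.
    $title = $_title_updated;
    $body  = '';
    if (md5(@join('', get_source($refer))) != $digest) {
        $title = $_title_comment_collided;
        $body  = $_msg_comment_collided . make_pagelink($refer);
    }

    page_write($refer, $postdata);

    if ($refpage) {
        header("Location: {$script}?" . rawurlencode($refpage));
        exit;
    }
    $vars['page'] = $refer;
    return array('msg' => $title, 'body' => $body);
}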
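/**
 * Saves an edited page (Factory::Wiki variant).
 *
 * Handles the "do not change timestamp" honeypot, the spam check, paragraph
 * (partial) edits via plugin_edit_parts(), page deletion when the body is
 * empty, the add-mode append/prepend, the administrator password check for
 * "no timestamp update", and finally the redirect or the JSON response for
 * ajax requests.
 *
 * Changes from the previous version:
 *  - The error return used the key 'mgs' instead of 'msg'.
 *  - $oldpagesrc was never assigned, so add mode discarded the current page
 *    text and saved only the new fragment; it is now read with get_source().
 *    TODO(review): confirm get_source() is the intended accessor beside Factory::Wiki.
 *  - $vars['original'], $vars['msg'] and $vars['pass'] are read with isset().
 *
 * Note: $digest is read but not used; this variant has no collision detection.
 *
 * @return array 'msg'/'body' pair on error, deletion or invalid password;
 *               otherwise a redirect or JSON response is sent and the script exits.
 */
function plugin_edit_write()
{
    global $vars, $trackback, $_string, $_msg_edit;
    global $notimeupdate;

    $page        = isset($vars['page'])   ? $vars['page']   : null;
    $add         = isset($vars['add'])    ? $vars['add']    : null;
    $digest      = isset($vars['digest']) ? $vars['digest'] : null;
    $partid      = isset($vars['id'])     ? $vars['id']     : null;
    $notimestamp = isset($vars['notimestamp']); // isset() already excludes null

    if (empty($page)) {
        return array('msg' => 'Error', 'body' => $_msg_edit['err_empty_page']);
    }

    $wiki = Factory::Wiki($page);

    // "Do not change timestamp" on an invalid page is treated as a bot signature.
    if ($notimestamp && !$wiki->isValied()) {
        return plugin_edit_honeypot();
    }
    // Validate
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }

    // Paragraph edit mode: splice the edited part back into the submitted original.
    if ($partid) {
        $original = isset($vars['original']) ? $vars['original'] : '';
        $msg_in   = isset($vars['msg'])      ? $vars['msg']      : '';
        $source   = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_edit_parts($partid, $source, $msg_in) !== FALSE) {
            $vars['msg'] = join('', $source);
        } else {
            $vars['msg'] = rtrim($original) . "\n\n" . $msg_in;
        }
    }

    $retvars = array();
    if (!isset($vars['msg']) || empty($vars['msg'])) {
        // An empty body (also what a CAPTCHA-enabled page deletion sends) removes the page.
        $wiki->set('');
        $deleted = sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page));
        $retvars['msg']  = $deleted;
        $retvars['body'] = '<p class="alert alert-success">' . $deleted . '</p>';
        return $retvars;
    }

    // Delete "#freeze" command for form edit.
    $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $vars['msg']);
    $msg = $vars['msg'];

    if ($add) {
        // Compat: add plugin, appending (or prepending with add_top) to the current text.
        $oldpagesrc = join('', get_source($page));
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $msg . "\n\n" . $oldpagesrc;
        } else {
            $postdata = $oldpagesrc . "\n\n" . $msg;
        }
    } else {
        // Edit or Remove
        $postdata = $msg;
    }

    // $notimeupdate: checkbox 'Do not change timestamp' — only administrators may
    // use it, and only with a valid password.
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    if ($notimeupdate > 1 && $notimestamp && Auth::check_role('role_contents_admin') && !pkwk_login($pass)) {
        $retvars['body']  = '<p class="alert alert-danger">' . $_msg_edit['msg_invalidpass'] . '</p>' . "\n";
        $retvars['body'] .= Utility::editForm($page, $msg, FALSE);
        return $retvars;
    }

    $wiki->set($postdata, $notimeupdate !== 0 && $notimestamp);

    // Redirect target: the referring page if given, else the edited page.
    if (isset($vars['refpage']) && $vars['refpage'] !== '') {
        $target = Factory::Wiki($vars['refpage']);
    } else {
        $target = $wiki;
    }
    $url = $partid ? $target->uri('read', null, rawurlencode($partid)) : $target->uri();

    if (isset($vars['ajax'])) {
        $headers = Header::getHeaders('application/json');
        Header::writeResponse($headers, 200, Json::encode(array(
            'msg'      => 'Your post has been saved.',
            'posted'   => true,
            'taketime' => Time::getTakeTime(),
        )));
    } else {
        Utility::redirect($url);
    }
    exit;
}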
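/**
 * Saves an edited page (legacy page_write() variant with collision detection).
 *
 * Flow: honeypot for "no timestamp" on a non-existing page; client/server
 * encode_hint ticket check; spam check; paragraph edit splicing; collision
 * detection against $vars['digest'] (re-renders the edit form with a merged
 * text via do_update_diff() on mismatch); add-mode append/prepend; deletion
 * on an empty body; administrator password check for "no timestamp update";
 * write and redirect.
 *
 * Changes from the previous version:
 *  - encode_hint and the digest are compared strictly (no numeric-string coercion).
 *  - Add mode reuses $oldpagesrc (the locked read already taken for the digest)
 *    instead of reading the page a second time.
 *  - $vars['msg'], $vars['original'] and $vars['pass'] are read with isset().
 *
 * @return array 'msg'/'body' pair on honeypot, collision, deletion or invalid
 *               password; otherwise a Location header is sent and the script exits.
 */
function plugin_edit_write()
{
    global $post, $vars, $trackback;
    global $notimeupdate, $do_update_diff_table;
    global $use_trans_sid_address;

    $_title_deleted   = _(' $1 was deleted');
    $_msg_invalidpass = _('Invalid password.');

    $page        = isset($vars['page'])   ? $vars['page']   : '';
    $add         = isset($vars['add'])    ? $vars['add']    : '';
    $digest      = isset($vars['digest']) ? $vars['digest'] : '';
    $partid      = isset($vars['id'])     ? $vars['id']     : '';
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';

    // "Do not change timestamp" on a page that does not exist: bot signature.
    if ($notimestamp && !is_page($page)) {
        return plugin_edit_honeypot();
    }

    // SPAM Check (Client(Browser)-Server Ticket Check). A missing hint is only
    // acceptable when the site has none configured.
    $site_hint = (string) PKWK_ENCODING_HINT;
    $hint      = isset($post['encode_hint']) ? $post['encode_hint'] : null;
    if ($hint === null) {
        if ($site_hint !== '') {
            return plugin_edit_honeypot();
        }
    } elseif (!is_string($hint) || $hint !== $site_hint) {
        return plugin_edit_honeypot();
    }

    // Validate
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }

    $msg      = isset($vars['msg'])      ? $vars['msg']      : '';
    $original = isset($vars['original']) ? $vars['original'] : '';

    // Paragraph edit mode: splice the edited part back into the submitted original.
    if ($partid) {
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_edit_parts($partid, $source, $msg) !== FALSE) {
            $msg = join('', $source);
        } else {
            $msg = rtrim($original) . "\n\n" . $msg;
        }
    }

    // Delete "#freeze" command for form edit.
    $msg = preg_replace('/^#freeze\\s*$/im', '', $msg);
    $vars['msg'] = $msg;

    $retvars = array();

    // Collision Detection
    $oldpagesrc = get_source($page, TRUE, TRUE);
    $oldpagemd5 = md5($oldpagesrc);
    if ($digest !== $oldpagemd5) {
        $vars['digest'] = $oldpagemd5; // Reset
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $msg, $original);

        $_msg_collided_auto = _('It seems that someone has already updated this page while you were editing it.<br />')
                            . _('The collision has been corrected automatically, but there may still be some problems with the page.<br />')
                            . _('To confirm the changes to the page, press [Update].<br />');
        $_msg_collided      = _('It seems that someone has already updated this page while you were editing it.<br />')
                            . _(' + is placed at the beginning of a line that was newly added.<br />')
                            . _(' ! is placed at the beginning of a line that has possibly been updated.<br />')
                            . _(' Edit those lines, and submit again.');

        $retvars['msg']   = _('On updating $1, a collision has occurred.');
        $retvars['body']  = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        unset($vars['id']); // Change edit all-text of pages(from para-edit)
        $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    if ($add) {
        // Add: prepend with add_top, otherwise append.
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $msg . "\n\n" . $oldpagesrc;
        } else {
            $postdata = $oldpagesrc . "\n\n" . $msg;
        }
    } else {
        // Edit or Remove
        $postdata = $msg;
    }

    // NULL POSTING, OR removing existing page
    if ($postdata == '') {
        page_write($page, $postdata);
        $retvars['msg']  = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    // $notimeupdate: checkbox 'Do not change timestamp' — administrators only,
    // and only with a valid password.
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    if ($notimeupdate > 1 && $notimestamp && auth::check_role('role_adm_contents') && !pkwk_login($pass)) {
        $retvars['body']  = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimestamp);

    // Redirect to the referring page if given, else to the edited page.
    $location = (isset($vars['refpage']) && $vars['refpage'] != '') ? $vars['refpage'] : $page;
    pkwk_headers_sent();
    if ($partid) {
        header('Location: ' . get_page_location_uri($location, '', rawurlencode($partid)));
    } else {
        header('Location: ' . get_page_location_uri($location));
    }
    exit;
}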