Exemplo n.º 1
/**
 * Action handler of the "links" plugin.
 *
 * Until a request carries a non-empty 'action' and an 'adminpass' accepted by
 * pkwk_login(), the usage text and an admin-password form are returned.
 * After a successful login, action=update runs links_init(); any other
 * action yields the 'err_invalid' message.
 *
 * Review notes:
 * - The password is read from $post only (presumably the POST-only request
 *   array - confirm), while 'action' is read from $vars.
 * - NOTE(review): no anti-CSRF token and no attempt limiting are visible
 *   here; confirm whether pkwk_login() or the dispatcher provides them.
 * - NOTE(review): $script is placed into the form's action attribute
 *   unescaped; presumably a trusted configuration value - confirm.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_links_action()
{
    global $script, $post, $vars, $foot_explain;
    global $_links_messages;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    // Short-circuits in the same order as "empty || empty || !login":
    // pkwk_login() is reached only when both fields are non-empty.
    $authenticated = !empty($vars['action'])
        && !empty($post['adminpass'])
        && pkwk_login($post['adminpass']);

    if (!$authenticated) {
        // Not logged in (or nothing requested yet): usage text plus login form.
        $msg =& $_links_messages['title_update'];
        $body = convert_html($_links_messages['msg_usage']);
        $body .= <<<EOD
<form method="POST" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="links" />
  <input type="hidden" name="action" value="update" />
  <label for="_p_links_adminpass">{$_links_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_links_adminpass" size="20" value="" />
  <input type="submit" value="{$_links_messages['btn_submit']}" />
 </div>
</form>
EOD;
        return array('msg' => $msg, 'body' => $body);
    }

    if ($vars['action'] == 'update') {
        links_init();
        // Exhaust footnotes
        $foot_explain = array();
        $msg =& $_links_messages['title_update'];
        $body =& $_links_messages['msg_done'];
    } else {
        // Authenticated, but the requested action is not supported.
        $msg =& $_links_messages['title_update'];
        $body =& $_links_messages['err_invalid'];
    }

    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 2
/**
 * Action handler of the "update_entities" plugin.
 *
 * Without a non-empty 'action' and an 'adminpass' accepted by pkwk_login(),
 * it returns the usage text (built from a dry call to
 * plugin_update_entities_create()) and a password form. After login,
 * action=update calls plugin_update_entities_create(TRUE); any other action
 * yields 'err_invalid'.
 *
 * Review notes:
 * - NOTE(review): the admin password is read from $vars, not from a
 *   POST-only array. If $vars also carries query-string parameters, the
 *   password can arrive in a URL and end up in access logs, browser history
 *   and Referer headers - confirm, and prefer the POST-only source.
 * - NOTE(review): no anti-CSRF token is visible in this function.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_update_entities_action()
{
    global $script, $vars;
    global $_entities_messages;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    // pkwk_login() is reached only when both request fields are non-empty.
    $authenticated = !empty($vars['action'])
        && !empty($vars['adminpass'])
        && pkwk_login($vars['adminpass']);

    if (!$authenticated) {
        $msg =& $_entities_messages['title_update'];
        $items = plugin_update_entities_create();
        $usage = sprintf($_entities_messages['msg_usage'], join("\n" . '-', $items));
        $body = convert_html($usage);
        $body .= <<<EOD
<form method="POST" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="update_entities" />
  <input type="hidden" name="action" value="update" />
  <label for="_p_update_entities_adminpass">{$_entities_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
  <input type="submit" value="{$_entities_messages['btn_submit']}" />
 </div>
</form>
EOD;
        return array('msg' => $msg, 'body' => $body);
    }

    if ($vars['action'] == 'update') {
        plugin_update_entities_create(TRUE);
        $msg =& $_entities_messages['title_update'];
        $body =& $_entities_messages['msg_done'];
    } else {
        // Authenticated, but the requested action is not supported.
        $msg =& $_entities_messages['title_update'];
        $body =& $_entities_messages['err_invalid'];
    }

    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 3
/**
 * Action handler of the "unfreeze" plugin.
 *
 * For an existing, frozen page it asks for the admin password and, once
 * pkwk_login() accepts it, rewrites the page without its first source line
 * and refreshes the freeze state. Depending on PLUGIN_UNFREEZE_EDIT the
 * edit form is shown afterwards.
 *
 * Review notes:
 * - NOTE(review): 'pass' is read from $vars; if $vars also contains
 *   query-string parameters the password may be sent in a URL - confirm.
 * - NOTE(review): the page is written after the password check alone; no
 *   anti-CSRF token is visible in this function.
 * - array_shift() drops the first line unconditionally; presumably that line
 *   is the "#freeze" marker - confirm against is_freeze().
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_unfreeze_action()
{
    global $script, $vars, $function_freeze;
    global $_title_isunfreezed, $_title_unfreezed, $_title_unfreeze;
    global $_msg_invalidpass, $_msg_unfreezing, $_btn_unfreeze;

    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }
    if (!$function_freeze || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    if (!is_freeze($page)) {
        // Unfreezed already
        $s_name = htmlspecialchars(strip_bracket($page));
        return array(
            'msg' => $_title_isunfreezed,
            'body' => str_replace('$1', $s_name, '<p>' . $_title_isunfreezed . '</p>'),
        );
    }

    if ($pass === NULL || !pkwk_login($pass)) {
        // Show unfreeze form; the error line appears only after a failed attempt.
        $s_page = htmlspecialchars($page);
        $notice = $pass === NULL ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
        $form = <<<EOD
<p>{$_msg_unfreezing}</p>
<form action="{$script}" method="post">
 <p>
  <input type="hidden"   name="cmd"  value="unfreeze" />
  <input type="hidden"   name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit"   name="ok"   value="{$_btn_unfreeze}" />
 </p>
</form>
EOD;
        return array('msg' => $_title_unfreeze, 'body' => $notice . $form);
    }

    // Unfreeze: store the source minus its first line.
    $lines = get_source($page);
    array_shift($lines);
    $postdata = join('', $lines);
    file_write(DATA_DIR, $page, $postdata, TRUE);

    // Update
    is_freeze($page, TRUE);

    // To show 'Freeze' link
    $vars['cmd'] = 'read';
    $body = PLUGIN_UNFREEZE_EDIT ? edit_form($page, $postdata) : '';

    return array('msg' => $_title_unfreezed, 'body' => $body);
}
Exemplo n.º 4
/**
 * Action handler of the "filelist" plugin: gates the "list" action behind
 * the admin password when the role check asks for it.
 *
 * NOTE(review): the flow only makes sense if Auth::check_role() returns TRUE
 * when the caller still has to prove the role (a FALSE result skips the
 * password prompt) - confirm against the Auth class before changing it.
 * NOTE(review): 'pass' comes from $vars; confirm it cannot arrive through
 * the query string.
 *
 * @return mixed Result of do_plugin_action('list') or of filelist_adm().
 */
function plugin_filelist_action()
{
    global $vars;

    if (Auth::check_role('role_contents_admin')) {
        // No password submitted yet: show the prompt without an error marker.
        if (!isset($vars['pass'])) {
            return filelist_adm('');
        }
        // Wrong password: show the prompt again, flagged as failed.
        if (!pkwk_login($vars['pass'])) {
            return filelist_adm('__nopass__');
        }
    }

    return do_plugin_action('list');
}
Exemplo n.º 5
/**
 * Action handler of the "freeze" plugin (role-aware variant).
 *
 * For an existing, editable, not yet frozen page it prepends "#freeze" to
 * the source. The write happens when the role check returns FALSE, or when
 * a submitted password is accepted by pkwk_login(); otherwise the password
 * form is returned.
 *
 * Review notes:
 * - NOTE(review): "&&" binds tighter than "||", so the original condition
 *   reads "!check_role || (pass given && login ok)". That grouping is made
 *   explicit below. It implies auth::check_role() returns TRUE when the
 *   caller must still authenticate - confirm; with the opposite meaning the
 *   password would be skipped for the wrong users.
 * - NOTE(review): 'pass' is read from $vars and no anti-CSRF token is
 *   visible in this function.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_freeze_action()
{
    global $script, $vars, $function_freeze;

    $_title_isfreezed = _(' $1 has already been frozen');
    $_title_freezed = _(' $1 has been frozen.');
    $_title_freeze = _('Freeze  $1');
    $_msg_invalidpass = _('Invalid password.');
    $_msg_freezing = _('Please input the password for freezing.');
    $_btn_freeze = _('Freeze');

    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }
    if (!$function_freeze || is_cantedit($page) || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    if (is_freeze($page)) {
        // Freezed already
        $s_name = htmlspecialchars(strip_bracket($page));
        return array(
            'msg' => $_title_isfreezed,
            'body' => str_replace('$1', $s_name, $_title_isfreezed),
        );
    }

    // The form is needed only if the role check demands a password and none
    // that pkwk_login() accepts was supplied.
    $needs_form = auth::check_role('role_adm_contents')
        && ($pass === NULL || !pkwk_login($pass));

    if ($needs_form) {
        // Show a freeze form; the error line appears only after a failed attempt.
        $s_page = htmlspecialchars($page);
        $notice = $pass === NULL ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
        $form = <<<EOD
<p>{$_msg_freezing}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"  value="freeze" />
  <input type="hidden"   name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit"   name="ok"   value="{$_btn_freeze}" />
 </div>
</form>
EOD;
        return array('msg' => $_title_freeze, 'body' => $notice . $form);
    }

    // Freeze: put the marker line in front of the current source.
    $postdata = get_source($page);
    array_unshift($postdata, "#freeze\n");
    file_write(DATA_DIR, $page, join('', $postdata), TRUE);

    // Update
    is_freeze($page, TRUE);
    $vars['cmd'] = 'read';

    return array('msg' => $_title_freezed, 'body' => '');
}
Exemplo n.º 6
/**
 * Action handler of the "freeze" plugin (variant that disables caching).
 *
 * For an existing, not yet frozen page it asks for the admin password and,
 * once pkwk_login() accepts it, prepends "#freeze" to the page source.
 *
 * Review notes:
 * - NOTE(review): 'pass' is read from $vars; confirm it cannot arrive in the
 *   query string.
 * - NOTE(review): no anti-CSRF token is visible in this function.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_freeze_action()
{
    global $script, $vars, $function_freeze;
    global $_title_isfreezed, $_title_freezed, $_title_freeze;
    global $_msg_invalidpass, $_msg_freezing, $_btn_freeze;

    // Do not cache this response.
    $qt = get_qt();
    $qt->enable_cache = false;

    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }
    if (!$function_freeze || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    if (is_freeze($page)) {
        // Freezed already
        $s_name = htmlspecialchars(strip_bracket($page));
        return array(
            'msg' => $_title_isfreezed,
            'body' => str_replace('$1', $s_name, $_title_isfreezed),
        );
    }

    if ($pass === NULL || !pkwk_login($pass)) {
        // Show a freeze form; the error line appears only after a failed attempt.
        $s_page = htmlspecialchars($page);
        $notice = $pass === NULL ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
        $form = <<<EOD
<p>{$_msg_freezing}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"  value="freeze" />
  <input type="hidden"   name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit"   name="ok"   value="{$_btn_freeze}" />
 </div>
</form>
EOD;
        return array('msg' => $_title_freeze, 'body' => $notice . $form);
    }

    // Freeze: put the marker line in front of the current source.
    $postdata = get_source($page);
    array_unshift($postdata, "#freeze\n");
    file_write(DATA_DIR, $page, join('', $postdata), TRUE);

    // Update
    is_freeze($page, TRUE);
    $vars['cmd'] = 'read';

    return array('msg' => $_title_freezed, 'body' => '');
}
Exemplo n.º 7
/**
 * Action handler of the "dump2" plugin (backup download / restore upload).
 *
 * Access needs both ss_admin_check() and, for the actual operation, a POSTed
 * password accepted by pkwk_login(). The password is read from $_POST
 * directly, the operation selector 'act' from $vars.
 *
 * Review notes:
 * - NOTE(review): the restore branch is reachable whenever 'act' equals
 *   PLUGIN_DUMP_RESTORE; PLUGIN_DUMP_ALLOW_RESTORE only selects the title
 *   here. Presumably plugin_dump2_upload() enforces it - confirm.
 * - NOTE(review): no anti-CSRF token is visible in this function; the
 *   password requirement is the only per-request proof.
 * - $act is compared loosely (==), matching the original switch statement.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_dump2_action()
{
    global $style_name, $script, $vars;

    $qm = get_qm();
    $style_name = '..';
    $back_url = '<p><a href="' . $script . '">' . $qm->m['frontpage'] . '</a> &gt; <a href="' . $script . '?cmd=qhmsetting">' . $qm->m['preferences'] . '</a> &gt; here</p>';

    if (!ss_admin_check()) {
        return array('msg' => $qm->m['plg_dump']['title'], 'body' => $qm->m['fmt_err_page_only_for_admin']);
    }
    if (PKWK_READONLY) {
        die_message($qm->m['fmt_err_pkwk_readonly']);
    }

    $pass = isset($_POST['pass']) ? $_POST['pass'] : NULL;
    $act = isset($vars['act']) ? $vars['act'] : NULL;
    $body = '';

    if ($pass !== NULL) {
        if (!pkwk_login($pass)) {
            $body = "<p><strong>{$qm->m['fmt_msg_invalidpass']}</strong></p>\n";
        } elseif ($act == PLUGIN_DUMP_DUMP) {
            $body = plugin_dump2_download();
        } elseif ($act == PLUGIN_DUMP_RESTORE) {
            // Restore reports its own result page and skips the form below.
            $retcode = plugin_dump2_upload();
            $msg = $retcode['code'] ? $qm->m['plg_dump']['restore_success'] : $qm->m['plg_dump']['restore_failed'];
            $body .= $retcode['msg'];
            return array('msg' => $msg, 'body' => $back_url . $body);
        } elseif ($act == PLUGIN_DUMP_FULL) {
            $body = plugin_dump2_download_full();
        }
    }

    // Show the input form
    $body .= plugin_dump2_disp_form();
    $msg = PLUGIN_DUMP_ALLOW_RESTORE
        ? $qm->m['plg_dump']['title_bk_rstr']
        : $qm->m['plg_dump']['title_bk'];

    return array('msg' => $msg, 'body' => $back_url . $body);
}
Exemplo n.º 8
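/**
 * Action handler of the "replace" plugin (bulk search and replace).
 *
 * Runs replace_do() directly when a search string is given and the role
 * check returns FALSE; otherwise a search string and a password accepted by
 * pkwk_login() are required, and replace_adm() shows the admin form.
 *
 * Fix: $vars was assigned without being declared global, so the
 * "$vars['cmd'] = 'read'" line only created an unused local array. It is now
 * declared global, like in the sibling freeze/unfreeze handlers.
 *
 * Review notes:
 * - NOTE(review): when no password is submitted the placeholder '******' is
 *   still handed to pkwk_login(). If the configured admin password were that
 *   literal string, a request without a password field would pass - consider
 *   skipping the login call when $post['pass'] is absent.
 * - The literal password 'pass' is always rejected (last condition below).
 * - NOTE(review): the first branch implies auth::check_role() returns TRUE
 *   when the caller still has to authenticate - confirm.
 * - NOTE(review): no anti-CSRF token is visible in this function.
 *
 * @return mixed Result of replace_do() or replace_adm().
 */
function plugin_replace_action()
{
    global $post, $vars, $cycle, $cantedit;

    $pass = isset($post['pass']) ? $post['pass'] : '******';
    $search = isset($post['search']) ? $post['search'] : NULL;
    $replace = isset($post['replace']) ? $post['replace'] : NULL;
    $notimestamp = isset($post['notimestamp']) ? TRUE : FALSE;

    // Role check says no password is needed: replace right away.
    if ($search != '' && !auth::check_role('role_adm_contents')) {
        return replace_do($search, $replace, $notimestamp);
    }

    // Replacement is not possible without a password and a search string.
    if ($search == '' || !pkwk_login($pass) || $pass === 'pass') {
        $vars['cmd'] = 'read';
        return replace_adm($pass, $search);
    }

    return replace_do($search, $replace, $notimestamp);
}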
Exemplo n.º 9
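/**
 * Action handler of the "list" plugin; also serves requests redirected from
 * the "filelist" plugin (cmd=filelist).
 *
 * The file list is shown only for cmd=filelist and, when the role check
 * returns TRUE, only if pkwk_login() accepts the submitted password.
 * Otherwise the plain page list is produced.
 *
 * Fix: $vars['pass'] was read without an isset() guard, which raises an
 * undefined-index notice/warning when the field is missing. pkwk_login()
 * still receives NULL in that case, exactly as before.
 *
 * Review notes:
 * - NOTE(review): the flow implies auth::check_role() returns TRUE when the
 *   caller still has to authenticate - confirm.
 * - NOTE(review): 'listcmd' is passed on unvalidated; presumably
 *   plugin_list_getlist() escapes or restricts it - confirm.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_list_action()
{
    global $vars;

    $_title_list = _('List of pages');
    $_title_filelist = _('List of page files');

    // Redirected from filelist plugin?
    $filelist = isset($vars['cmd']) && $vars['cmd'] == 'filelist';

    if ($filelist && auth::check_role('role_adm_contents')) {
        // A password is required; fall back to the plain list when it is wrong or missing.
        $pass = isset($vars['pass']) ? $vars['pass'] : NULL;
        if (!pkwk_login($pass)) {
            $filelist = FALSE;
        }
    }

    $listcmd = isset($vars['listcmd']) ? $vars['listcmd'] : 'read';

    return array(
        'msg' => $filelist ? $_title_filelist : $_title_list,
        'body' => plugin_list_getlist($filelist, $listcmd),
    );
}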
Exemplo n.º 10
/**
 * Action handler of the "revert" plugin.
 *
 * Loads an older version of a page - a backup generation when 'age' is
 * given, otherwise the text rebuilt from the page's diff file - and hands it
 * to the "edit" action as a preview. Nothing is written here.
 *
 * Review notes:
 * - The password is enforced only when PLUGIN_REVERT_USE_ADMIN_ONLY is
 *   truthy; otherwise any caller reaches the preview.
 * - The password is read from $post, 'page' and 'age' from $vars.
 * - md5() produces the 'digest' value passed on to the edit action; it is
 *   presumably an edit-collision marker, not a security control - confirm.
 *
 * @return array|null|mixed NULL when no page is given, an error/auth page
 *                          array, or the result of do_plugin_action('edit').
 */
function plugin_revert_action()
{
    global $vars, $post, $_revert_messages, $_msg_preview;

    $pass = isset($post['pass']) ? $post['pass'] : FALSE;
    $page = isset($vars['page']) ? $vars['page'] : '';
    $age = isset($vars['age']) ? $vars['age'] : '';

    if ($page === '') {
        return;
    }

    if (PLUGIN_REVERT_USE_ADMIN_ONLY) {
        if ($pass === FALSE) {
            // No password submitted yet: show the auth form.
            return array('msg' => 'revert plugin', 'body' => plugin_revert_auth($page, $age));
        }
        if (!pkwk_login($pass)) {
            return array('msg' => 'revert plugin', 'body' => $_revert_messages['invalidpass']);
        }
    }

    if ($age) {
        // Original note: calling get_backup($page, $age) cannot fetch only the
        // last generation, so all generations are loaded and indexed here.
        $backups = get_backup($page);
        if (empty($backups[$age]['data'])) {
            return array('msg' => 'revert plugin', 'body' => 'Backup file not found.');
        }
        $revertdata = $backups[$age]['data'];
        unset($backups);
    } else {
        $filename = DIFF_DIR . encode($page) . '.txt';
        if (!file_exists($filename)) {
            return array('msg' => 'revert plugin', 'body' => 'Diff file not found.');
        }
        // Skip lines marked '+' and strip the one-character marker from the rest.
        $revertdata = array();
        foreach (file($filename) as $line) {
            if ($line[0] === '+') {
                continue;
            }
            $revertdata[] = substr($line, 1);
        }
    }

    // Feed the recovered text to the edit action in preview mode.
    $vars['preview'] = $post['preview'] = 1;
    $vars['msg'] = $post['msg'] = join('', $revertdata);
    $vars['digest'] = $post['digest'] = is_page($page) ? md5(join('', get_source($page))) : FALSE;
    $_msg_preview = $_revert_messages['caution'] . "<br />\n" . $_msg_preview;

    return do_plugin_action('edit');
}
Exemplo n.º 11
/**
 * Action handler of the "dump" plugin (backup download / restore upload).
 *
 * An operation runs only when a POSTed password is accepted by pkwk_login();
 * otherwise the input form is shown (with an error line after a failed
 * attempt). The password is read from $_POST directly, 'act' from $vars.
 *
 * Review notes:
 * - NOTE(review): unlike a role-gated handler, nothing but the password
 *   protects this entry point, and no attempt limiting is visible here.
 * - NOTE(review): the restore branch is reachable whenever 'act' equals
 *   PLUGIN_DUMP_RESTORE; PLUGIN_DUMP_ALLOW_RESTORE only selects the title
 *   here. Presumably plugin_dump_upload() enforces it - confirm.
 * - NOTE(review): no anti-CSRF token is visible in this function.
 * - $act is compared loosely (==), matching the original switch statement.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_dump_action()
{
    global $vars;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    $pass = isset($_POST['pass']) ? $_POST['pass'] : null;
    $act = isset($vars['act']) ? $vars['act'] : null;
    $body = '';

    if ($pass !== null) {
        if (!pkwk_login($pass)) {
            $body = "<p><strong>パスワードが違います。</strong></p>\n";
        } elseif ($act == PLUGIN_DUMP_DUMP) {
            $body = plugin_dump_download();
        } elseif ($act == PLUGIN_DUMP_RESTORE) {
            // Restore reports its own result page and skips the form below.
            $retcode = plugin_dump_upload();
            $msg = $retcode['code'] == true ? 'アップロードが完了しました' : 'アップロードに失敗しました';
            $body .= $retcode['msg'];
            return array('msg' => $msg, 'body' => $body);
        }
    }

    // Show the input form
    $body .= plugin_dump_disp_form();
    $msg = PLUGIN_DUMP_ALLOW_RESTORE ? 'dump & restore' : 'dump';

    return array('msg' => $msg, 'body' => $body);
}
/**
 * Action handler of the "update_entities" plugin (role-aware variant).
 *
 * With 'menu' set, the update runs when the role check returns FALSE or when
 * pkwk_login() accepts the submitted password. Otherwise the usage text and
 * the form are returned; the password field is added only when the role
 * check returns TRUE.
 *
 * Review notes:
 * - NOTE(review): the flow implies auth::check_role() returns TRUE when the
 *   caller still has to authenticate (or, for 'readonly', is restricted) -
 *   confirm against the auth class.
 * - NOTE(review): 'adminpass' is read from $vars; if $vars also carries
 *   query-string parameters the password can arrive in a URL - confirm.
 * - empty() also treats the string '0' as "no password".
 * - NOTE(review): no anti-CSRF token is visible; where the role check skips
 *   the password, a single request with 'menu' triggers the update.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_update_entities_action()
{
    global $script, $vars;
    global $_entities_messages;

    // Replaces the former "if (PKWK_READONLY)" test with a role check.
    if (auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits this');
    }

    $admin_pass = empty($vars['adminpass']) ? '' : $vars['adminpass'];

    // Without 'menu' neither the role check nor pkwk_login() is consulted here.
    $run_update = FALSE;
    if (isset($vars['menu'])) {
        $run_update = !auth::check_role('role_adm_contents') || pkwk_login($admin_pass);
    }

    if ($run_update) {
        // The rebuild may take long; lift the execution time limit.
        set_time_limit(0);
        plugin_update_entities_create(TRUE);
        $msg =& $_entities_messages['title_update'];
        $body =& $_entities_messages['msg_done'];
        return array('msg' => $msg, 'body' => $body);
    }

    $msg =& $_entities_messages['title_update'];
    $items = plugin_update_entities_create();
    $usage = sprintf($_entities_messages['msg_usage1'], join("\n" . '-', $items));
    $body = convert_html($usage);
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="update_entities" />
  <input type="hidden" name="menu"   value="1" />
EOD;

    // The password field is offered only when the role check asks for it.
    if (auth::check_role('role_adm_contents')) {
        $body .= convert_html(sprintf($_entities_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_update_entities_adminpass">{$_entities_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
EOD;
    }

    $body .= <<<EOD
  <input type="submit" value="{$_entities_messages['btn_submit']}" />
 </div>
</form>
EOD;

    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 13
/**
 * Action handler of the "links" plugin (role-aware variant).
 *
 * With 'menu' set, links_init() runs when the role check returns FALSE or
 * when pkwk_login() accepts the POSTed password. Otherwise the usage text
 * and the form are returned; the password field is added only when the role
 * check returns TRUE.
 *
 * Review notes:
 * - NOTE(review): the flow implies auth::check_role() returns TRUE when the
 *   caller still has to authenticate (or, for 'readonly', is restricted) -
 *   confirm against the auth class.
 * - The password is read from $post, 'menu' from $vars.
 * - empty() also treats the string '0' as "no password".
 * - NOTE(review): no anti-CSRF token is visible; where the role check skips
 *   the password, a single request with 'menu' triggers the rebuild.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_links_action()
{
    global $script, $post, $vars, $foot_explain;
    global $_links_messages;

    // Replaces the former "if (PKWK_READONLY)" test with a role check.
    if (auth::check_role('readonly')) {
        die_message(_("PKWK_READONLY prohibits this"));
    }

    $admin_pass = empty($post['adminpass']) ? '' : $post['adminpass'];

    // Without 'menu' neither the role check nor pkwk_login() is consulted here.
    $run_update = FALSE;
    if (isset($vars['menu'])) {
        $run_update = !auth::check_role('role_adm_contents') || pkwk_login($admin_pass);
    }

    if ($run_update) {
        // The rebuild may take long; lift the execution time limit.
        set_time_limit(0);
        links_init();
        // Exhaust footnotes
        $foot_explain = array();
        $msg =& $_links_messages['title_update'];
        $body =& $_links_messages['msg_done'];
        return array('msg' => $msg, 'body' => $body);
    }

    $msg =& $_links_messages['title_update'];
    $body = convert_html(sprintf($_links_messages['msg_usage1']));
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="links" />
  <input type="hidden" name="menu" value="1" />
EOD;

    // The password field is offered only when the role check asks for it.
    if (auth::check_role('role_adm_contents')) {
        $body .= convert_html(sprintf($_links_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_links_adminpass">{$_links_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_links_adminpass" size="20" value="" />
EOD;
    }

    $body .= <<<EOD
  <input type="submit" value="{$_links_messages['btn_submit']}" />
 </div>
</form>
EOD;

    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 14
/**
 * Deletes the diff file of a page after an admin-password check.
 *
 * Returns an error page when the page name is invalid or the diff file is
 * missing, the deletion notice after a successful pkwk_login(), and the
 * password form otherwise.
 *
 * Review notes:
 * - When both checks fail, the "diff seems not found" text replaces
 *   'Invalid page name', and make_pagelink() is still called with the
 *   invalid name (unchanged from the original).
 * - NOTE(review): the result of unlink() is not checked; the success
 *   message is shown even if the file could not be removed.
 * - NOTE(review): 'pass' is read from $vars and no anti-CSRF token is
 *   visible in this function.
 * - The path is built from encode($page); presumably encode() yields a
 *   filesystem-safe name - confirm.
 *
 * @param string $page Page name whose diff file is to be deleted.
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_diff_delete($page)
{
    global $script, $vars;
    global $_title_diff_delete, $_msg_diff_deleted;
    global $_msg_diff_adminpass, $_btn_delete, $_msg_invalidpass;

    $filename = DIFF_DIR . encode($page) . '.txt';

    // Later checks overwrite earlier messages, as in the original.
    $error = is_pagename($page) ? '' : 'Invalid page name';
    if (!file_exists($filename)) {
        $error = make_pagelink($page) . '\'s diff seems not found';
    }
    if ($error) {
        return array('msg' => $_title_diff_delete, 'body' => $error);
    }

    $notice = '';
    if (isset($vars['pass'])) {
        if (!pkwk_login($vars['pass'])) {
            $notice = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        } else {
            unlink($filename);
            return array(
                'msg' => $_title_diff_delete,
                'body' => str_replace('$1', make_pagelink($page), $_msg_diff_deleted),
            );
        }
    }

    $s_page = htmlsc($page);
    $form = <<<EOD
<p>{$_msg_diff_adminpass}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"    value="diff" />
  <input type="hidden"   name="page"   value="{$s_page}" />
  <input type="hidden"   name="action" value="delete" />
  <input type="password" name="pass"   size="12" />
  <input type="submit"   name="ok"     value="{$_btn_delete}" />
 </div>
</form>
EOD;

    return array('msg' => $_title_diff_delete, 'body' => $notice . $form);
}
Exemplo n.º 15
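/**
 * Deletes the backup of a page after an admin-password check.
 *
 * Without an existing backup the backup list is returned. With a password
 * accepted by pkwk_login() the backup is deleted; otherwise the password
 * form is shown (with an error line after a failed attempt).
 *
 * Fix: the success branch used $script before it was assigned (it is
 * neither global nor set at that point), so the "back" link for layout
 * pages started with an empty script URI. get_script_uri() is now called
 * before the password handling.
 *
 * Review notes:
 * - NOTE(review): 'pass' is read from $vars and no anti-CSRF token is
 *   visible in this function.
 * - NOTE(review): $script goes into the form's action attribute unescaped,
 *   while the back link escapes it with h(); presumably get_script_uri()
 *   returns a trusted value - confirm.
 *
 * @param string $page Page name whose backup is to be deleted.
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_backup_delete($page)
{
    global $vars, $layout_pages;

    $is_layout = isset($layout_pages) && isset($layout_pages[$page]);
    $qm = get_qm();

    // Say "is not found"
    if (!_backup_file_exists($page)) {
        return array('msg' => $qm->m['plg_backup']['title_pagebackuplist'], 'body' => plugin_backup_get_list($page));
    }

    // Needed by both the success page (back link) and the form below.
    $script = get_script_uri();
    $title = $is_layout ? h($layout_pages[$page]) . ' のバックアップを削除' : $qm->m['plg_backup']['title_backup_delete'];

    $body = '';
    if (isset($vars['pass'])) {
        if (pkwk_login($vars['pass'])) {
            _backup_delete($page);
            $pagelink = $is_layout ? h($layout_pages[$page]) : make_pagelink($page);
            // Layout pages get a link back to their edit screen.
            $addlink = $is_layout ? "\n" . '<p><a href="' . h($script) . '?cmd=edit&amp;page=' . rawurlencode($page) . '">戻る</a></p>' : '';
            return array(
                'msg' => $title,
                'body' => str_replace('$1', $pagelink, $qm->m['plg_backup']['backup_deleted']) . $addlink,
            );
        }
        $body = '<p><strong>' . $qm->m['fmt_err_invalidpass'] . '</strong></p>' . "\n";
    }

    $s_page = htmlspecialchars($page);
    $body .= <<<EOD
<p>{$qm->m['plg_backup']['backup_adminpass']}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"    value="backup" />
  <input type="hidden"   name="page"   value="{$s_page}" />
  <input type="hidden"   name="action" value="delete" />
  <input type="password" name="pass"   size="12" />
  <input type="submit"   name="ok"     value="{$qm->m['fmt_btn_delete']}" />
 </div>
</form>
EOD;

    return array('msg' => $title, 'body' => $body);
}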
Exemplo n.º 16
/**
 * Action handler of the "convert_haik" plugin: migrates data found under
 * haik-contents/ into the running site.
 *
 * The request must pass ss_admin_check(), the haik-contents directory must
 * exist, and 'adminpass' must be accepted by pkwk_login(); until then a
 * confirmation page with a password form is returned. After that the five
 * migration helpers run in a fixed order and the log file is displayed.
 *
 * Review notes:
 * - NOTE(review): both guards rely on redirect() ending the request. If
 *   redirect() returns, execution continues past the admin check - confirm
 *   that it exits.
 * - NOTE(review): 'adminpass' is read from $vars; if $vars also carries
 *   query-string parameters the password can arrive in a URL - confirm.
 * - NOTE(review): the log text is inserted into the page without HTML
 *   escaping. If the log can contain names taken from the migrated data,
 *   that is a markup-injection path into an admin page - escape on output.
 * - NOTE(review): file_get_contents() may return FALSE; the result is used
 *   unchecked.
 * - NOTE(review): the migration overwrites current data and no anti-CSRF
 *   token is visible here; the password is the only per-request proof.
 *
 * @return array Page data with the keys 'msg' (title) and 'body' (HTML).
 */
function plugin_convert_haik_action()
{
    global $vars, $script;
    // Administrators only (see the note on redirect() above).
    if (!ss_admin_check()) {
        redirect($script, '管理者以外利用できません。');
    }
    // The feature is unavailable unless a haik-contents directory exists.
    if (!file_exists('haik-contents') or !is_dir('haik-contents')) {
        redirect($script, 'この機能はご利用いただけません。');
    }
    // Confirmation screen
    if (!isset($vars['adminpass']) or !pkwk_login($vars['adminpass'])) {
        $msg = 'haik データ移行';
        $info = plugin_convert_haik_get_info();
        $warning = plugin_convert_haik_get_warning();
        $danger = '';
        // A password was submitted but rejected: show the error box.
        if (isset($vars['adminpass'])) {
            $danger = <<<EOD
<div class="alert alert-danger">
  管理者パスワードが正しくありません。
</div>
EOD;
        }
        $body = <<<EOD
<h2>{$msg}</h2>
<p>
  haik のデータを QHM で動作するように変換します。<br>
  実行すると、<strong>現在のデータに対して</strong>上書きされます。
  よろしければ、<strong>開始</strong>ボタンを押して実行してください。
</p>
{$warning}
{$danger}
<form action="{$script}?cmd=convert_haik" method="post" class="form-inline">
  <div class="form-group">
    <label>管理者パスワード</label>
    <input type="password" name="adminpass" class="form-control">
  </div>
  <button type="submit" class="qhm-btn qhm-btn-primary">開始</button>
</form>
<hr>
<h3>移行情報</h3>
{$info}
EOD;
        return array('msg' => $msg, 'body' => $body);
    }
    // Record the timestamp
    plugin_convert_haik_write_log(date('Y-m-d H:i:s') . ' haik からのデータ移行開始' . "\n");
    // 1. Port haik-contents/config/haik.ini.php into qhm.ini.php as appropriate
    plugin_convert_haik_move_inifile();
    // 2. Move haik-contents/upload/* to swfu/d/ and run the file check
    plugin_convert_haik_move_uploadfile();
    // 3. Copy haik-contents/wiki/*.txt to wiki/
    plugin_convert_haik_move_wiki();
    // 4. Convert plugins whose names differ between haik and qhm
    plugin_convert_haik_replace_plugin();
    // 5. Interpret haik-contents/meta/*.php and add the formatting to the source
    plugin_convert_haik_set_meta();
    plugin_convert_haik_write_log('');
    // NOTE(review): unchecked read; the content is printed unescaped below.
    $log_text = file_get_contents(CACHE_DIR . 'convert_haik.log');
    // dirname() of "$script . dummy" yields the directory part of the script URI.
    $url = dirname($script . "dummy") . '/swfu/check.php';
    $body = <<<EOD
<h2>移行が完了しました</h2>
<p>
  <a href="{$script}" class="qhm-btn qhm-btn-info">トップへ戻る</a>
</p>

<div class="alert alert-warning">
  haik と QHM で対応するプラグインが無い場合、変換が行われていないため、手動での削除、修正をお願いいたします。
  <pre>* download プラグイン
* mc_form プラグイン
* form プラグイン
* goo_gl プラグイン
* scrollup プラグイン</pre>
</div>

<div class="alert alert-warning">
  icon プラグインは IcoMoon から <a href="http://getbootstrap.com/components/#glyphicons" title="Bootstrap glyphicons" target="_blank">glyphicon</a>, <a href="http://fortawesome.github.io/Font-Awesome/cheatsheet/" title="FontAwesome Cheatsheat" target="_blank">font-awesome</a> に変更されました。<br>
  指定したアイコン名によっては表示されなくなる場合があります。
</div>

<hr>

<h3>移行ログ</h3>

<div style="height:300px;overflow-y:scroll">
  <pre>{$log_text}</pre>
</div>

EOD;
    // A zero-size iframe loads swfu/check.php in the visitor's browser.
    $body .= '<iframe src="' . $url . '" width="0" height="0"></iframe>';
    return array('msg' => 'complete', 'body' => $body);
}
Exemplo n.º 17
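/**
 * Stores an edited page (write step of the "edit" plugin) and then redirects
 * or answers with JSON; an empty message body deletes the page content.
 *
 * Fixes:
 * - The error result for an empty page name used the key 'mgs'; it is now
 *   'msg', the key every other result of this function uses.
 * - $vars['pass'] is read through isset(), so a missing field no longer
 *   raises an undefined-index notice/warning; pkwk_login() still receives
 *   NULL in that case.
 *
 * Review notes:
 * - NOTE(review): $oldpagesrc is never assigned in this function. In "add"
 *   mode the stored text therefore consists of the new message and an empty
 *   string, which would replace the existing page content. Load the current
 *   source before using it - the accessor is not visible here.
 * - NOTE(review): 'digest' is read but never compared in this function, so
 *   no edit-collision check happens here; confirm it is done elsewhere.
 * - NOTE(review): the password is only required for the "do not change
 *   timestamp" option; 'pass' is read from $vars.
 * - NOTE(review): $vars['original'] and $vars['msg'] are used in paragraph
 *   mode without isset() guards.
 *
 * @return array|mixed A page array on error/deletion or the honeypot
 *                     result; otherwise the request ends with exit.
 */
function plugin_edit_write()
{
    global $vars, $trackback, $_string, $_msg_edit;
    global $notimeupdate;
    $page = isset($vars['page']) ? $vars['page'] : null;
    $add = isset($vars['add']) ? $vars['add'] : null;
    $digest = isset($vars['digest']) ? $vars['digest'] : null;
    $partid = isset($vars['id']) ? $vars['id'] : null;
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] !== null;
    if (empty($page)) {
        return array('msg' => 'Error', 'body' => $_msg_edit['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);
    // Check Validate and Ticket
    if ($notimestamp && !$wiki->isValied()) {
        return plugin_edit_honeypot();
    }
    // Validate
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }
    // Paragraph edit mode: splice the edited part back into the original
    // text, or append it when the part cannot be located.
    if ($partid) {
        $source = preg_split('/([^\\n]*\\n)/', $vars['original'], -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $vars['msg'] = plugin_edit_parts($partid, $source, $vars['msg']) !== FALSE ? join('', $source) : rtrim($vars['original']) . "\n\n" . $vars['msg'];
    }
    $retvars = array();
    if (isset($vars['msg']) && !empty($vars['msg'])) {
        // Delete "#freeze" command for form edit, so a submitted text cannot
        // freeze the page by itself.
        $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $vars['msg']);
        $msg = $vars['msg'];
        if ($add) {
            // Compat: add plugin and adding contents
            // NOTE(review): $oldpagesrc is undefined here (see docblock).
            $postdata = isset($vars['add_top']) && $vars['add_top'] ? $msg . "\n\n" . $oldpagesrc : $oldpagesrc . "\n\n" . $msg;
        } else {
            // Edit or Remove
            $postdata =& $msg;
        }
    } else {
        // When CAPTCHA is enabled and the user tries to delete the page,
        // $vars['msg'] is empty.
        $wiki->set('');
        $retvars['msg'] = sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page));
        $retvars['body'] = '<p class="alert alert-success">' . sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page)) . '</p>';
        return $retvars;
    }
    // $notimeupdate: Checkbox 'Do not change timestamp'
    $pass = isset($vars['pass']) ? $vars['pass'] : null;
    if ($notimeupdate > 1 && $notimestamp && Auth::check_role('role_contents_admin') && !pkwk_login($pass)) {
        // Enable only administrator & password error
        $retvars['body'] = '<p class="alert alert-danger">' . $_msg_edit['msg_invalidpass'] . '</p>' . "\n";
        $retvars['body'] .= Utility::editForm($page, $msg, FALSE);
        return $retvars;
    }
    $wiki->set($postdata, $notimeupdate !== 0 && $notimestamp);
    // Redirect target: the referring page when given, else the edited page.
    if (isset($vars['refpage']) && $vars['refpage'] !== '') {
        $refwiki = Factory::Wiki($vars['refpage']);
        $url = $partid ? $refwiki->uri('read', null, rawurlencode($partid)) : $refwiki->uri();
    } else {
        $url = $partid ? $wiki->uri('read', null, rawurlencode($partid)) : $wiki->uri();
    }
    if (isset($vars['ajax'])) {
        $headers = Header::getHeaders('application/json');
        Header::writeResponse($headers, 200, Json::encode(array('msg' => 'Your post has been saved.', 'posted' => true, 'taketime' => Time::getTakeTime())));
    } else {
        Utility::redirect($url);
    }
    exit;
}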
Exemplo n.º 18
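/**
 * Phase 3 of the "rename" plugin: confirmation and authorisation.
 *
 * Collects target files that already exist, then proceeds to phase 4 when
 * 'menu' is set and the role check returns FALSE, or when a non-empty
 * password is accepted by pkwk_login(). Otherwise it returns the
 * confirmation form listing the planned renames.
 *
 * Fix: the old/new file names in the "already exists" list were written
 * into the HTML unescaped; they now go through htmlsc() like the other
 * values echoed by this function.
 *
 * Review notes:
 * - NOTE(review): the flow implies Auth::check_role() returns TRUE when the
 *   caller still has to authenticate - confirm against the Auth class.
 * - NOTE(review): no anti-CSRF token is visible; where the role check skips
 *   the password, a single request with 'menu' proceeds to phase 4.
 *
 * @param array $pages Map of encoded old page name => encoded new page name
 *                     (both sides are passed to decode() below).
 * @return mixed Result of plugin_rename_phase4() or an array with the keys
 *               'msg' (title) and 'body' (HTML).
 */
function plugin_rename_phase3($pages)
{
    global $_rename_messages, $vars;
    $msg = $input = '';
    $files = plugin_rename_get_files($pages);

    // Targets that already exist on disk, grouped by page.
    $exists = array();
    foreach ($files as $_page => $arr) {
        foreach ($arr as $old => $new) {
            if (file_exists($new)) {
                $exists[$_page][$old] = $new;
            }
        }
    }

    // Confirmed and no password demanded by the role check: go ahead.
    if (isset($vars['menu']) && !Auth::check_role('role_contents_admin')) {
        return plugin_rename_phase4($pages, $files, $exists);
    }

    $pass = plugin_rename_getvar('pass');
    if ($pass != '' && pkwk_login($pass)) {
        return plugin_rename_phase4($pages, $files, $exists);
    } elseif ($pass != '') {
        // A password was given but rejected.
        $msg = plugin_rename_err('adminpass');
    }

    // Carry the request parameters over as hidden fields.
    $method = plugin_rename_getvar('method');
    if ($method == 'regex') {
        $s_src = htmlsc(plugin_rename_getvar('src'));
        $s_dst = htmlsc(plugin_rename_getvar('dst'));
        $msg .= $_rename_messages['msg_regex'] . '<br />';
        $input .= '<input type="hidden" name="method" value="regex" />';
        $input .= '<input type="hidden" name="src"    value="' . $s_src . '" />';
        $input .= '<input type="hidden" name="dst"    value="' . $s_dst . '" />';
    } else {
        $s_refer = htmlsc(plugin_rename_getvar('refer'));
        $s_page = htmlsc(plugin_rename_getvar('page'));
        $s_related = htmlsc(plugin_rename_getvar('related'));
        $msg .= $_rename_messages['msg_page'] . '<br />';
        $input .= '<input type="hidden" name="method"  value="page" />';
        $input .= '<input type="hidden" name="refer"   value="' . $s_refer . '" />';
        $input .= '<input type="hidden" name="page"    value="' . $s_page . '" />';
        $input .= '<input type="hidden" name="related" value="' . $s_related . '" />';
    }

    // List conflicts and let the user choose between skipping and overwriting.
    if (!empty($exists)) {
        $msg .= $_rename_messages['err_already_below'] . '<ul>';
        foreach ($exists as $page => $arr) {
            $msg .= '<li>' . make_pagelink(decode($page));
            $msg .= $_rename_messages['msg_arrow'];
            $msg .= htmlsc(decode($pages[$page]));
            if (!empty($arr)) {
                $msg .= '<ul>' . "\n";
                foreach ($arr as $ofile => $nfile) {
                    // File names are escaped before they reach the page.
                    $msg .= '<li>' . htmlsc($ofile) . $_rename_messages['msg_arrow'] . htmlsc($nfile) . '</li>' . "\n";
                }
                $msg .= '</ul>';
            }
            $msg .= '</li>' . "\n";
        }
        $msg .= '</ul><hr />' . "\n";
        $input .= '<input type="radio" name="exist" value="0" checked="checked" />' . $_rename_messages['msg_exist_none'] . '<br />' . "\n";
        $input .= '<input type="radio" name="exist" value="1" />' . $_rename_messages['msg_exist_overwrite'] . '<br />' . "\n";
    }

    $ret = array();
    $auth = '';
    // The password field is offered only when the role check asks for it.
    if (Auth::check_role('role_contents_admin')) {
        $auth = <<<EOD
<div class="form-group">
  <label for="_p_rename_adminpass">{$_rename_messages['msg_adminpass']}</label>
  <input type="password" name="pass" id="_p_rename_adminpass" value="" class="form-control" />
</div>
EOD;
    }
    $ret['msg'] = $_rename_messages['msg_title'];
    $script = get_script_uri();
    $ret['body'] = <<<EOD
{$msg}
\t<form action="{$script}" method="post" class="plugin-rename-form">
\t\t<input type="hidden" name="cmd" value="rename" />
\t\t<input type="hidden" name="menu"   value="1" />
\t\t{$input}
\t\t{$auth}
\t\t<input type="submit" class="btn btn-warning" value="{$_rename_messages['btn_submit']}" />
\t</form>
\t<p>{$_rename_messages['msg_confirm']}</p>
EOD;

    // Planned renames, sorted by old name.
    ksort($pages, SORT_STRING);
    $ret['body'] .= '<ul>' . "\n";
    foreach ($pages as $old => $new) {
        $ret['body'] .= '<li>' . make_pagelink(decode($old)) . $_rename_messages['msg_arrow'] . Utility::htmlsc(Utility::decode($new)) . '</li>' . "\n";
    }
    $ret['body'] .= '</ul>' . "\n";
    return $ret;
}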
Exemplo n.º 19
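/**
 * Write handler of the mceedit (TinyMCE) plugin.
 *
 * Reads the submitted fields from $vars, builds the new page source, detects
 * edit collisions through an MD5 digest of the stored source and then either
 * re-displays the edit form, deletes the page or writes it and redirects.
 *
 * @return array 'msg' / 'body' entries for the caller; the successful write
 *               path sends a Location header and exits instead of returning.
 */
function plugin_mceedit_write()
{
    global $vars, $trackback;
    global $notimeupdate, $do_update_diff_table;

    $page = isset($vars['page']) ? $vars['page'] : '';
    $original = isset($vars['original']) ? $vars['original'] : '';
    $retvars = array();

    // Messages are built up front: the password-error branch below needs
    // $_msg_invalidpass, which used to be assigned only in the collision branch.
    $_msg_collided_auto = _('It seems that someone has already updated this page while you were editing it.<br />') . _('The collision has been corrected automatically, but there may still be some problems with the page.<br />') . _('To confirm the changes to the page, press [Update].<br />');
    $_msg_collided = _('It seems that someone has already updated this page while you were editing it.<br />') . _(' + is placed at the beginning of a line that was newly added.<br />') . _(' ! is placed at the beginning of a line that has possibly been updated.<br />') . _(' Edit those lines, and submit again.');
    $_msg_invalidpass = _('Invalid password.');
    $_title_deleted = _(' $1 was deleted');

    // Remove a hand-written #freeze line so a submission cannot freeze the page by itself.
    $submitted = isset($vars['msg']) ? $vars['msg'] : '';
    $before = isset($vars['before']) ? $vars['before'] : '';
    $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $submitted);
    // TinyMCE output is stored inside a #html block.
    // NOTE(review): the submitted markup becomes raw HTML in the page; whether it is
    // sanitised depends on the html plugin and on who may edit — confirm.
    $vars['msg'] = $before . "\n#html{{\n" . $vars['msg'] . "\n}}\n";

    $postdata = $postdata_input = $vars['msg'];
    if (!empty($vars['add'])) {
        // Append mode: put the new text above or below the stored source.
        $current = @join('', get_source($page));
        if (!empty($vars['add_top'])) {
            $postdata = $postdata . "\n\n" . $current;
        } else {
            $postdata = $current . "\n\n" . $postdata;
        }
    } elseif (!empty($vars['id'])) {
        // Partial edit: splice the edited part back into the original source.
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_mceedit_parts($vars['id'], $source, $vars['msg']) !== FALSE) {
            $postdata = $postdata_input = join('', $source);
        } else {
            // Prevents only the submitted fragment from being written as the whole page.
            $postdata = $postdata_input = rtrim($original) . "\n\n" . $vars['msg'];
        }
    }

    // Collision detection. Strict comparison: with == two digests that both look
    // numeric (for example "0e…") would be compared as numbers and could match.
    $oldpagesrc = join('', get_source($page));
    $oldpagemd5 = md5($oldpagesrc);
    if (!isset($vars['digest']) || $vars['digest'] !== $oldpagemd5) {
        $vars['digest'] = $oldpagemd5;
        $retvars['msg'] = _('On updating  $1, a collision has occurred.');
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $postdata_input, $original);
        $retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        // After a collision, switch to editing the whole page.
        unset($vars['id']);
        $retvars['body'] .= plugin_mceedit_edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    if (!$postdata) {
        // Empty submission: the page is removed.
        page_write($page, $postdata);
        $retvars['msg'] = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    $notimestamp = $notimeupdate != 0 && (isset($vars['notimestamp']) && $vars['notimestamp'] != '');
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    // "Do not change timestamp" is restricted when $notimeupdate == 2: a password is
    // demanded whenever auth::check_role('role_adm_contents') is true.
    // NOTE(review): check_role() seems to report TRUE for users who LACK the role — confirm.
    if ($notimestamp && $notimeupdate == 2 && auth::check_role('role_adm_contents') && !pkwk_login($pass)) {
        $retvars['body'] = "<p><strong>{$_msg_invalidpass}</strong></p>\n";
        $retvars['body'] .= plugin_mceedit_edit_form($page, $vars['msg'], $vars['digest'], FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimestamp);
    pkwk_headers_sent();

    // Redirect to the referring page if one was given, else to the edited page.
    // Both parts are percent-encoded, so request values cannot inject header text.
    $refpage = isset($vars['refpage']) ? $vars['refpage'] : '';
    $anchor = isset($vars['id']) ? $vars['id'] : '';
    $location = get_script_uri() . '?' . rawurlencode($refpage != '' ? $refpage : $page);
    if ($anchor != '') {
        // The fragment used to be concatenated outside header() and was never sent.
        $location .= '#' . rawurlencode($anchor);
    }
    header('Location: ' . $location);
    exit;
}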
Exemplo n.º 20
/**
 * Delete the backup of a page, asking for the admin password where required.
 *
 * @param string $page Page whose backup is to be removed.
 * @return array 'msg' (title) and 'body' (HTML) for the caller.
 */
function plugin_backup_delete($page)
{
    global $vars, $script;

    // Localised UI strings.
    $_title_backup_delete = _('Deleting backup of $1');
    $_title_pagebackuplist = _('Backup list of $1');
    $_title_backuplist = _('Backup list');
    $_msg_backup_deleted = _('Backup of $1 has been deleted.');
    $_msg_backup_adminpass = _('Please input the password for deleting.');
    $_btn_delete = _('Delete');
    $_msg_invalidpass = _('Invalid password.');

    // No backup for this page: show the backup list instead.
    if (!_backup_file_exists($page)) {
        return array('msg' => $_title_pagebackuplist, 'body' => plugin_backup_get_list($page));
    }

    // The password prompt is used only when check_role() returns TRUE.
    // NOTE(review): that suggests TRUE means "user lacks role_adm_contents" — confirm.
    $needs_password = auth::check_role('role_adm_contents');
    $password_ok = FALSE;
    $html = '';
    if ($needs_password && isset($vars['pass'])) {
        $password_ok = pkwk_login($vars['pass']);
        if (!$password_ok) {
            $html = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        }
    }

    if (!$needs_password || $password_ok) {
        _backup_delete($page);
        $deleted = str_replace('$1', make_pagelink($page), $_msg_backup_deleted);
        return array('msg' => $_title_backup_delete, 'body' => $deleted);
    }

    // Ask for the password; the page name is HTML-escaped before it goes into the form.
    $escaped_page = htmlspecialchars($page);
    $html .= <<<EOD
<p>{$_msg_backup_adminpass}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"    value="backup" />
  <input type="hidden"   name="page"   value="{$escaped_page}" />
  <input type="hidden"   name="action" value="delete" />
  <input type="password" name="pass"   size="12" />
  <input type="submit"   name="ok"     value="{$_btn_delete}" />
 </div>
</form>
EOD;
    return array('msg' => $_title_backup_delete, 'body' => $html);
}
Exemplo n.º 21
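 /**
  * PukiWiki admin login with optional session support.
  *
  * PukiWiki API Extension
  *
  * Sources are tried in this order: the session flag, the authentication
  * layer (role check or HTTP auth user name), then the admin password.
  *
  * @param string $pass Password. Pass NULL to query the current state only.
  * @param boolean $use_session Read and store the admin flag in $_SESSION['pkwk_is_admin'].
  * @param boolean $use_authlog Consult the authentication layer.
  *  Username 'admin' is deemed to be Admin in PukiWiki Official.
  *  PukiWiki Plus! has role management, roles ROLE_ADM and ROLE_ADM_CONTENTS are deemed to be Admin.
  * @return boolean TRUE when the caller is treated as administrator.
  */
 function is_admin($pass = NULL, $use_session = FALSE, $use_authlog = FALSE)
 {
     $is_admin = FALSE;
     $from_session = FALSE;

     if ($use_session) {
         // Start the session only once; a second session_start() raises a notice.
         if (session_id() === '') {
             session_start();
         }
         $is_admin = isset($_SESSION['pkwk_is_admin']) && $_SESSION['pkwk_is_admin'];
         $from_session = $is_admin;
     }

     // BasicAuth (etc) login
     if (!$is_admin && $use_authlog) {
         if (is_callable(array('auth', 'check_role'))) {
             // Plus!: the result of check_role() is negated to obtain "is admin".
             $is_admin = !auth::check_role('role_adm_contents');
         } else {
             // NOTE(review): PHP_AUTH_USER proves identity only when the web server
             // enforces HTTP authentication for this URL — confirm the deployment does.
             $is_admin = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] === 'admin';
         }
     }

     // PukiWiki Admin login. Non-scalar input (e.g. an array from the request)
     // can never be a valid password and is rejected before hashing.
     if (!$is_admin && isset($pass) && is_scalar($pass)) {
         $pass = (string) $pass;
         if (function_exists('pkwk_login')) {
             $is_admin = pkwk_login($pass);
         } else {
             // 1.4.3 fallback: the stored admin password is an unsalted MD5 hex digest.
             $stored = isset($GLOBALS['adminpass']) ? $GLOBALS['adminpass'] : NULL;
             $given = md5($pass);
             if (!is_string($stored)) {
                 $is_admin = FALSE;
             } elseif (function_exists('hash_equals')) {
                 // Constant-time comparison where the runtime offers it.
                 $is_admin = hash_equals($stored, $given);
             } else {
                 $is_admin = $given === $stored;
             }
         }
     }

     if ($use_session) {
         if ($is_admin) {
             // Rotate the session id when the privilege is newly granted so that an
             // id known before login cannot be reused (session fixation).
             if (!$from_session && session_id() !== '' && !headers_sent()) {
                 session_regenerate_id(TRUE);
             }
             $_SESSION['pkwk_is_admin'] = TRUE;
         }
     } else {
         global $vars;
         $vars['pkwk_is_admin'] = $is_admin;
     }
     return $is_admin;
 }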
Exemplo n.º 22
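/**
 * Rename plugin, phase 3: confirm the rename and ask for the admin password.
 *
 * When a non-empty password verifies through pkwk_login() the rename is carried
 * out by plugin_rename_proceed(); otherwise a confirmation form is returned.
 *
 * @param array $pages Map of encoded old page name => encoded new page name.
 * @return array 'msg' (title) and 'body' (HTML), or the result of plugin_rename_proceed().
 */
function plugin_rename_phase3($pages)
{
    global $script;
    $qm = get_qm();
    $msg = $input = '';

    // Collect target files that already exist, grouped by page.
    $files = plugin_rename_get_files($pages);
    $exists = array();
    foreach ($files as $_page => $arr) {
        foreach ($arr as $old => $new) {
            if (file_exists($new)) {
                $exists[$_page][$old] = $new;
            }
        }
    }

    // The rename happens only with a non-empty password that verifies.
    $pass = plugin_rename_getvar('pass');
    if ($pass != '') {
        if (pkwk_login($pass)) {
            return plugin_rename_proceed($pages, $files, $exists);
        }
        $msg = plugin_rename_err('adminpass');
    }

    // Carry the request parameters over as hidden fields, HTML-escaped.
    $method = plugin_rename_getvar('method');
    if ($method == 'regex') {
        $s_src = htmlspecialchars(plugin_rename_getvar('src'));
        $s_dst = htmlspecialchars(plugin_rename_getvar('dst'));
        $msg .= $qm->m['plg_rename']['regex'] . '<br />';
        $input .= '<input type="hidden" name="method" value="regex" />';
        $input .= '<input type="hidden" name="src"    value="' . $s_src . '" />';
        $input .= '<input type="hidden" name="dst"    value="' . $s_dst . '" />';
    } else {
        $s_refer = htmlspecialchars(plugin_rename_getvar('refer'));
        $s_page = htmlspecialchars(plugin_rename_getvar('page'));
        $s_related = htmlspecialchars(plugin_rename_getvar('related'));
        $msg .= $qm->m['plg_rename']['page'] . '<br />';
        $input .= '<input type="hidden" name="method"  value="page" />';
        $input .= '<input type="hidden" name="refer"   value="' . $s_refer . '" />';
        $input .= '<input type="hidden" name="page"    value="' . $s_page . '" />';
        $input .= '<input type="hidden" name="related" value="' . $s_related . '" />';
    }

    if (!empty($exists)) {
        $msg .= $qm->m['plg_rename']['err_already_below'] . '<ul>';
        foreach ($exists as $page => $arr) {
            $msg .= '<li>' . make_pagelink(decode($page));
            $msg .= $qm->m['plg_rename']['arrow'];
            $msg .= htmlspecialchars(decode($pages[$page]));
            if (!empty($arr)) {
                $msg .= '<ul>' . "\n";
                foreach ($arr as $ofile => $nfile) {
                    // File paths come from plugin_rename_get_files(); they are escaped
                    // like every other dynamic value in this list.
                    $msg .= '<li>' . htmlspecialchars($ofile) . $qm->m['plg_rename']['arrow'] . htmlspecialchars($nfile) . '</li>' . "\n";
                }
                $msg .= '</ul>';
            }
            $msg .= '</li>' . "\n";
        }
        $msg .= '</ul><hr />' . "\n";
        // Default choice is not to overwrite existing files.
        $input .= '<input type="radio" name="exist" value="0" checked="checked" />' . $qm->m['plg_rename']['exist_none'] . '<br />';
        $input .= '<input type="radio" name="exist" value="1" />' . $qm->m['plg_rename']['exist_overwrite'] . '<br />';
    }

    $ret = array();
    $ret['msg'] = $qm->m['plg_rename']['title'];
    $ret['body'] = <<<EOD
<p>{$msg}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="plugin" value="rename" />
  {$input}
  <label for="_p_rename_adminpass">{$qm->m['plg_rename']['adminpass']}</label>
  <input type="password" name="pass" id="_p_rename_adminpass" value="" />
  <input type="submit" value="{$qm->m['plg_rename']['btn_submit']}" />
 </div>
</form>
<p>{$qm->m['plg_rename']['confirm']}</p>
EOD;

    // List every planned rename, sorted by old name.
    ksort($pages);
    $ret['body'] .= '<ul>' . "\n";
    foreach ($pages as $old => $new) {
        $ret['body'] .= '<li>' . make_pagelink(decode($old)) . $qm->m['plg_rename']['arrow'] . htmlspecialchars(decode($new)) . '</li>' . "\n";
    }
    $ret['body'] .= '</ul>' . "\n";
    return $ret;
}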
Exemplo n.º 23
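/**
 * Admin screen and action handler of the update_tinycode plugin.
 *
 * Without an action it renders either the per-page form (when a page name is
 * given) or the list / clean / reset forms. With an action it runs the matching
 * update, clean or reset step; reset additionally requires the admin password.
 *
 * @return array 'msg' (title) and 'body' (HTML).
 */
function plugin_update_tinycode_action()
{
    global $script, $vars, $defaultpage;
    global $username;
    $qm = get_qm();
    $text = $qm->m['plg_update_tinycode'];

    // Check admin: the session user must be set and identical to the configured
    // user name. Strict comparison, so an empty or missing value on both sides is
    // no longer accepted as a match.
    $session_user = isset($_SESSION['usr']) ? $_SESSION['usr'] : NULL;
    $is_site_admin = is_string($session_user) && $session_user !== '' && $session_user === $username;
    // NOTE(review): $vars['phase'] is request input, so these three exemptions are not an
    // authorization boundary, and the 'update' / 'clean' actions below ask for no password.
    // Nothing else in this function reads 'phase'; remove the exemptions or bind them to
    // server-side state once the callers are known.
    $phase = isset($vars['phase']) ? $vars['phase'] : '';
    if (!$is_site_admin && $phase != 'user2' && $phase != 'script' && $phase != 'sssavepath') {
        return array('msg' => $text['title_err_auth'], 'body' => $text['err_auth']);
    }
    if (PKWK_READONLY) {
        die_message($qm->m['fmt_err_pkwk_readonly']);
    }

    // Wiki-text templates; the %...% markers are replaced after convert_html().
    $tinycode_title = $text['title'];
    $body_top = "\n* " . $text['title'] . " \n\n#contents\n";
    $body_page = "\n** " . $text['hdr_update'] . "\n\n" . $text['ntc_update'] . "\n\n- " . $text['update_pagename'] . "\n%update_tinycode%\n\n%update_form%\n\n&br;\n\n";
    $body_list = "\n** " . $text['hdr_list'] . " [#list]\n\n" . $text['ntc_list'] . "\n\n%list_form%\n\n";
    $body_clean = "\n** " . $text['hdr_clean'] . " [#clean]\n\n" . $text['ntc_clean'] . "\n\n%clean_form%\n&br;\n\n";
    $body_reset = "\n** " . $text['hdr_reset'] . " [#reset]\n\n" . $text['ntc_reset'] . "\n\n%reset_form%\n&br;\n\n";
    $body_verup = "\n** " . $text['hdr_init'] . " [#verup]\n\n" . $text['ntc_init'] . "\n\n%verup_form%\n&br;\n\n";

    $pagename = isset($vars['page']) ? $vars['page'] : '';
    $action = empty($vars['action']) ? '' : $vars['action'];
    $go_tinycode_top = '<p style="text-align:right"><a href="' . $script . '?cmd=update_tinycode' . '">&gt;&gt;&nbsp;' . $tinycode_title . '</a></p>';
    $msg = $body = '';

    if ($action === '') {
        if ($pagename != '') {
            // Single page: offer "update", or "delete" when the page no longer exists.
            $deletestyle = '';
            if (!is_page($pagename)) {
                $btn_name = $text['btn_delete'];
                $btn_action = 'clean';
                $deletestyle = ' style="color:red;"';
            } else {
                $btn_name = $text['btn_update'];
                $btn_action = 'update';
            }
            $_go_url = $script . '?go=' . get_tiny_code($pagename);
            // The page name is request input and is escaped before it is placed in HTML.
            $update_page = '<span' . $deletestyle . '>' . h($pagename) . '</span>';
            $update_tinycode = '<input type="text" value="' . h($_go_url) . '" readonly="readonly"  onclick="this.select();" style="width:400px;" />';
            $update_form = '
<form method="POST" action="' . $script . '">
<input type="hidden" name="plugin" value="update_tinycode" />
<input type="hidden" name="action" value="' . $btn_action . '" />
<input type="hidden" name="page" value="' . h($pagename) . '" />
<input type="submit" value="' . $btn_name . '" />
</form>
' . $go_tinycode_top;
            $body = convert_html($body_top . $body_page);
            $body = str_replace('%update_page%', $update_page, $body);
            $body = str_replace('%update_tinycode%', $update_tinycode, $body);
            $body = str_replace('%update_form%', $update_form, $body);
        } else {
            // Overview: list of known tiny codes plus the clean and reset forms.
            $tiny_table = get_tiny_table(false);
            $list_form = '<div style="overflow:auto;border:1px solid #dcdcdc;padding:5px 10px;margin-left:auto;margin-right:auto;text-align:justify;width:450px;height:300px">';
            if (count($tiny_table) > 0) {
                $list_form .= '<ul class="list1">';
                ksort($tiny_table);
                foreach ($tiny_table as $pname => $code) {
                    $delstyle = '';
                    if (!is_page($pname)) {
                        $delstyle = ' style="color:red;"';
                    }
                    // Skip system pages. The old pattern used a character class
                    // ("[config|RenameLog]") where an alternation group was meant.
                    if (!preg_match('/^:(?:config|RenameLog)|InterWikiName|InterWiki/', $pname)) {
                        $_go_url = $script . '?go=' . get_tiny_code($pname);
                        // Page name: percent-encoded inside the URL, HTML-escaped as link text.
                        $list_form .= '<li style="margin-bottom:0.5em;"><a' . $delstyle . ' href="' . $script . '?cmd=update_tinycode&amp;page=' . rawurlencode($pname) . '">' . h($pname) . '</a><br /><input type="text" value="' . h($_go_url) . '" readonly="readonly"  onclick="this.select();" style="width:400px;" /></li>';
                    }
                }
                $list_form .= '</ul>';
            }
            $list_form .= '</div>';
            // Cleaning
            $clean_form = '
<form method="POST" action="' . $script . '">
<input type="hidden" name="plugin" value="update_tinycode" />
<input type="hidden" name="action" value="clean" />
<input type="submit" name="clean" value="' . $text['btn_clean'] . '" />
</form>';
            // Reset (asks for the admin password)
            $reset_form = '
<form method="POST" action="' . $script . '">
 <div>
  <input type="hidden" name="plugin" value="update_tinycode" />
  <input type="hidden" name="action" value="reset" />
  <label for="_p_update_entities_adminpass">' . $qm->m['adminpass'] . '</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
  <input type="submit" value="' . $text['btn_reset'] . '" />
 </div>
</form>
';
            $body = convert_html($body_top . $body_list . $body_clean . $body_reset);
            $body = str_replace('%list_form%', $list_form, $body);
            $body = str_replace('%clean_form%', $clean_form, $body);
            $body = str_replace('%reset_form%', $reset_form, $body);
        }
    } elseif ($action == 'versionup') {
        // Version upgrade: the form posts action=reset, as before.
        $verup_form = '
<form method="POST" action="' . $script . '">
 <div>
  <input type="hidden" name="plugin" value="update_tinycode" />
  <input type="hidden" name="action" value="reset" />
  <label for="_p_update_entities_adminpass">' . $qm->m['adminpass'] . '</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
  <input type="submit" value="' . $text['btn_init'] . '" />
 </div>
</form>
';
        $body = convert_html($body_top . $body_verup);
        $body = str_replace('%verup_form%', $verup_form, $body);
    } elseif ($action == 'update') {
        plugin_update_tinycode_update($pagename);
        $msg = $tinycode_title;
        $body = $text['updated'] . $go_tinycode_top;
    } elseif ($action == 'clean') {
        plugin_update_tinycode_clean($pagename);
        $msg = $tinycode_title;
        $body = $text['updated'] . $go_tinycode_top;
    } elseif ($action == 'reset' && !empty($vars['adminpass']) && pkwk_login($vars['adminpass'])) {
        // Reset runs only with a non-empty password that verifies.
        plugin_update_tinycode_reset();
        $msg = $tinycode_title;
        $body = $text['updated'] . $go_tinycode_top;
    } else {
        $msg = $tinycode_title;
        $body = $text['err_invalid_action'] . $go_tinycode_top;
    }
    return array('msg' => $msg, 'body' => $body);
}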
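/**
 * Search-and-replace over all pages with a regular expression (admin only).
 *
 * Pages are scanned only when the password verifies and a search pattern other
 * than the default was given; they are written only for act=Replace. The form
 * is always appended to the output.
 *
 * @return array 'msg' (title) and 'body' (HTML).
 */
function plugin_replace_tak_action()
{
    global $script, $post;

    $pass = isset($post['pass']) ? $post['pass'] : NULL;
    $prefix = isset($post['prefix']) ? $post['prefix'] : NULL;
    $search = isset($post['search']) ? $post['search'] : PLUGIN_REPLACE_TAK_SEARCH_DEFAULT;
    $replace = isset($post['replace']) ? $post['replace'] : NULL;
    $act = isset($post['act']) ? $post['act'] : NULL;
    $preserveTimeStamp = isset($post['preserveTimeStamp']) && $post['preserveTimeStamp'] != '';

    $changedpages = array();
    $body = '';
    // Backslash escapes typed into the replacement field (\n, \t, …) are interpreted.
    $replace_real = stripcslashes((string) $replace);
    $islogin = pkwk_login($pass);

    // Password matched
    if ($search != PLUGIN_REPLACE_TAK_SEARCH_DEFAULT && $islogin) {
        $pages = get_existpages();
        if ($prefix != NULL) {
            // Keep only pages whose name matches the prefix pattern.
            $tmppages = array();
            foreach ($pages as $page) {
                if (preg_match($prefix, $page)) {
                    $tmppages[] = $page;
                }
            }
            $pages = $tmppages;
        }
        natsort($pages);
        foreach ($pages as $page) {
            $count = 0;
            $postdata_old = join('', get_source($page));
            // Keyword replacement
            $postdata = preg_replace($search, $replace_real, $postdata_old, -1, $count);
            if ($postdata === NULL) {
                // preg_replace() failed (bad pattern, backtrack limit, …): never hand
                // a NULL result to page_write(), leave the page untouched.
                continue;
            }
            if ($count > 0) {
                $changedpages[] = htmlspecialchars($page);
                if ($act == 'Replace') {
                    set_time_limit(30);
                    page_write($page, $postdata, $preserveTimeStamp);
                }
            }
        }
        if ($act == 'Replace') {
            $body = '<p>Completed.</p>';
        }
    }
    if ($pass !== NULL && !$islogin) {
        $body .= "<p><strong>Password error.</strong></p>\n";
    }
    $replacebutton = $islogin && count($changedpages) > 0 && ($act == 'Preview' || $act == 'Replace') ? '<input type="submit" name="act" value="Replace" />' : '';
    $statTimeStamp = $preserveTimeStamp ? 'checked' : '';

    // Submitted values are echoed back into attributes, so each one is HTML-escaped;
    // the form is rendered for unauthenticated requests too.
    $s_prefix = htmlspecialchars((string) $prefix, ENT_QUOTES);
    $s_search = htmlspecialchars((string) $search, ENT_QUOTES);
    $s_replace = htmlspecialchars((string) $replace, ENT_QUOTES);
    // NOTE(review): the password is written back so that Preview -> Replace works
    // without retyping, which puts it into the response body. Consider leaving the
    // field empty or using a short-lived server-side token instead.
    $s_pass = htmlspecialchars((string) $pass, ENT_QUOTES);
    $body .= <<<EOD
<p>Please input the keyword and password to replace.</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="plugin" value="replace_tak" />
  <p>Page Prefix (option, 'Regular Expression (Perl-Compatible)' needed)<br />
  <input type="text" name="prefix" size="60" value="{$s_prefix}" /> </p>
  <p>Search word ('Regular Expression (Perl-Compatible)' needed)<br />
  <input type="text" name="search" size="60" value="{$s_search}" /></p>
  <p>Replace word<br />
  <input type="text" name="replace" size="60" value="{$s_replace}" /> </p>
  <p>Password<br />
  <input type="password" name="pass" size="12" value="{$s_pass}" /> </p>
  <p><input type="checkbox" name="preserveTimeStamp" {$statTimeStamp} /> preserve time stamp</p>
  <p><input type="submit" name="act" value="Preview" /> {$replacebutton}</p>
 </div>
</form>

EOD;
    if ($search != PLUGIN_REPLACE_TAK_SEARCH_DEFAULT) {
        $body .= "<p>Target: " . count($changedpages) . " page(s).</p>\n";
    }
    if (count($changedpages) > 0) {
        $body .= "<ul>\n";
        foreach ($changedpages as $page) {
            $body .= '<li>' . make_link($page) . "\n";
        }
        $body .= "</ul>\n";
    }
    return array('msg' => 'Replace with regular expression', 'body' => $body);
}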
Exemplo n.º 25
 /**
  * Set or clear the "freeze" flag of this attachment.
  *
  * The admin password is verified with pkwk_login() before anything is changed.
  *
  * @param mixed $freeze Truthy to freeze, falsy to unfreeze; stored as given.
  * @param string $pass Admin password.
  * @return array Result of attach_info('err_adminpass') on a wrong password,
  *               otherwise an array with the confirmation text under 'msg'.
  */
 function freeze($freeze, $pass)
 {
     global $_attach_messages;

     if (pkwk_login($pass)) {
         // Load the status, change the flag, write it back.
         $this->getstatus();
         $this->status['freeze'] = $freeze;
         $this->putstatus();

         if ($freeze) {
             $message_key = 'msg_freezed';
         } else {
             $message_key = 'msg_unfreezed';
         }
         return array('msg' => $_attach_messages[$message_key]);
     }

     // Wrong password: the status is left untouched.
     return attach_info('err_adminpass');
 }
Exemplo n.º 26
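/**
 * Handle a (multi-file) attachment upload for a page.
 *
 * @param string $page Page the files are attached to.
 * @param mixed $pass Admin password, NULL when none was sent, or TRUE to skip the
 *                    editability and password checks below.
 * @return array 'result' (bool) and 'msg'; on completion also 'body' with one
 *               list item per submitted file.
 */
function attach_upload($page, $pass = NULL)
{
    global $_attach_messages, $_string;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }
    $msgs = array();
    if (empty($page)) {
        // The target page name is empty
        return array('result' => FALSE, 'msg' => '#attach: page name is missing.');
    }
    $wiki = Factory::Wiki($page);
    if (!$wiki->isValied()) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_nopage']);
    }
    if ($pass !== TRUE) {
        if (!$wiki->isEditable()) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_noparm']);
        }
        // Admin-only uploads: a password is demanded whenever check_role() is true.
        // NOTE(review): check_role() seems to report TRUE for users who LACK the role — confirm.
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && Auth::check_role('role_contents_admin') && ($pass === NULL || !pkwk_login($pass))) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_adminpass']);
        }
    }

    // The field must be present and in multi-file (array) form.
    if (!isset($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]['name']) || !is_array($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]['name'])) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
    }
    $upload = $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME];

    foreach ($upload['name'] as $key => $file) {
        if (!is_string($file)) {
            // Nested field names give arrays here; they are not a valid upload.
            continue;
        }
        // Contains invalid characters
        if (preg_match(PLUGIN_ATTACH_ILLEGAL_CHARS_PATTERN, $file)) {
            $msgs[$file] = $_string['illegal_chars'];
            continue;
        }
        // Length of the query that will address the attachment once uploaded
        $query = Router::get_cmd_uri('attach', '', '', array('refer' => $page, 'pcmd' => 'info', 'file' => $file));
        // File name too long
        if (PKWK_QUERY_STRING_MAX && strlen($query) > PKWK_QUERY_STRING_MAX) {
            $msgs[$file] = $_attach_messages['err_too_long'];
            continue;
        }
        // Upload failed
        if ($upload['error'][$key] !== UPLOAD_ERR_OK) {
            $msgs[$file] = attach_set_error_message($upload['error'][$key]);
            continue;
        }
        // Temporary file missing, or not a genuine HTTP upload
        if (empty($upload['tmp_name'][$key]) || !is_uploaded_file($upload['tmp_name'][$key])) {
            $msgs[$file] = $_attach_messages['err_upload'];
            continue;
        }
        // Too large
        if ($upload['size'][$key] > PLUGIN_ATTACH_MAX_FILESIZE) {
            $msgs[$file] = $_attach_messages['err_exceed'];
            continue;
        }
        $ret = attach_doupload($file, $page, $pass, $upload['tmp_name'][$key]);
        $msgs[$file] = $ret['msg'];
    }

    // The file name is supplied by the client, and rejected names are reported too,
    // so it is HTML-escaped here. $_result is left as is.
    // NOTE(review): presumably application message text — confirm it carries no request data.
    $body = array();
    foreach ($msgs as $file => $_result) {
        $body[] = '<li>' . htmlspecialchars((string) $file, ENT_QUOTES) . ': ' . $_result . '</li>';
    }
    // One list only; the items used to be wrapped in two nested <ul> elements.
    return array('msg' => sprintf($_attach_messages['msg_uploaded'], $page), 'body' => '<ul>' . join("\n", $body) . '</ul>', 'result' => true);
}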
Exemplo n.º 27
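/**
 * Write handler of the edit plugin.
 *
 * Detects edit collisions through an MD5 digest of the stored source, then adds
 * to, replaces or deletes the page. On a successful write it redirects and exits.
 *
 * @return array 'msg' / 'body' for the collision, deletion and password-error
 *               cases; the normal write path does not return.
 */
function plugin_edit_write()
{
    global $vars, $trackback;
    global $_title_collided, $_msg_collided_auto, $_msg_collided, $_title_deleted;
    global $notimeupdate, $_msg_invalidpass, $do_update_diff_table;

    $page = isset($vars['page']) ? $vars['page'] : '';
    $add = isset($vars['add']) ? $vars['add'] : '';
    $digest = isset($vars['digest']) ? $vars['digest'] : '';
    // Strip hand-written freeze markers so a submission cannot freeze the page by itself.
    $vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', isset($vars['msg']) ? $vars['msg'] : '');
    $msg =& $vars['msg'];
    // Reference
    $retvars = array();

    // Collision Detection. Strict comparison: with != two digests that both look
    // numeric (for example "0e…") would be compared as numbers and could match.
    $oldpagesrc = join('', get_source($page));
    $oldpagemd5 = md5($oldpagesrc);
    if ($digest !== $oldpagemd5) {
        $vars['digest'] = $oldpagemd5;
        // Reset
        $original = isset($vars['original']) ? $vars['original'] : '';
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $msg, $original);
        $retvars['msg'] = $_title_collided;
        $retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    // Action?
    if ($add) {
        // Add: put the new text above or below the stored source.
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $msg . "\n\n" . @join('', get_source($page));
        } else {
            $postdata = @join('', get_source($page)) . "\n\n" . $msg;
        }
    } else {
        // Edit or Remove
        $postdata =& $msg;
        // Reference
    }

    // NULL POSTING, OR removing existing page
    if ($postdata == '') {
        page_write($page, $postdata);
        $retvars['msg'] = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    // $notimeupdate: Checkbox 'Do not change timestamp'
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';
    // A missing password field counts as an empty, failing password.
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    if ($notimeupdate > 1 && $notimestamp && !pkwk_login($pass)) {
        // Enable only administrator & password error
        $retvars['body'] = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimeupdate != 0 && $notimestamp);
    pkwk_headers_sent();
    // The page name is percent-encoded, so it cannot inject header text.
    header('Location: ' . get_script_uri() . '?' . rawurlencode($page));
    exit;
}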
Exemplo n.º 28
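/**
 * WebDAV front end of the dav plugin: dispatches on the HTTP request method
 * and maps WebDAV operations onto attachments handled by the attach plugin.
 *
 * Every branch either sends a complete response and exits, or falls out of
 * the switch after performing its file operation. The function returns no
 * value.
 *
 * Reads: $_SERVER['REQUEST_METHOD'], $_SERVER['PATH_INFO'],
 * $_SERVER['REQUEST_URI'], the request headers (Authorization, Depth,
 * Content-Length, Destination) and the request body (PUT).
 * Writes the globals $scriptname and $zslash.
 */
function plugin_dav_action()
{
    global $scriptname, $zslash, $log_ua;
    if (!exist_plugin('attach')) {
        plugin_dav_error_exit(500, 'attach plugin not found.');
    }
    $scriptname = SCRIPT_NAME;
    // Full-width form of the path separator
    $zslash = mb_convert_kana('/', 'A', SOURCE_ENCODING);
    header('Expires: Sat,  1 Jan 2000 00:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');
    $req_headers = apache_request_headers();
    $path_info = empty($_SERVER['PATH_INFO']) ? '' : $_SERVER['PATH_INFO'];
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'OPTIONS':
            header('DAV: 1');
            // Full set considered: OPTIONS,PROPFIND,GET,HEAD,PUT,DELETE,MOVE,COPY
            // (HEAD and DELETE are handled below but not advertised here).
            header('Allow: OPTIONS,PROPFIND,GET,PUT,MOVE,COPY');
            header('MS-Author-Via: DAV');
            break;
        case 'PROPFIND':
            // When attaching needs a password, or is admin-only, demand authentication.
            if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                // Realm would be: PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
                if (!isset($req_headers['Authorization'])) {
                    plugin_dav_error_exit(401);
                }
                // NOTE(review): only the PRESENCE of the Authorization header is
                // checked; the credential verification below is disabled, so any
                // header value passes this gate and the listing is returned.
                //$user = auth::check_auth_pw(); // check whether already authenticated
                //if (empty($user)) plugin_dav_error_exit(401); // demand authentication if not
            }
            if (empty($path_info)) {
                plugin_dav_error_exit(301, NULL, plugin_dav_myurl1() . '/');
            }
            $tree = plugin_dav_maketree($path_info);
            if (!isset($tree)) {
                plugin_dav_error_exit(404);
            }
            // The Depth header is optional; pass NULL instead of reading an undefined index.
            $depth = isset($req_headers['Depth']) ? $req_headers['Depth'] : NULL;
            $ret = plugin_dav_makemultistat($tree, $_SERVER['REQUEST_URI'], $depth);
            if (!isset($ret)) {
                plugin_dav_error_exit(301, NULL, plugin_dav_myurl() . '/');
            }
            header('HTTP/1.1 207 Multi-Status');
            header('Content-Type: text/xml');
            echo $ret->saveXML();
            exit;
        case 'GET':
        case 'HEAD':
            // Ordinary file reads arrive through this method.
            $obj =& plugin_dav_getfileobj($path_info);
            if ($obj != NULL && $obj->exist) {
                $obj->open();
            } else {
                if ($_SERVER['REQUEST_METHOD'] == 'GET' && empty($path_info) && strpos($log_ua, 'MSIE') > 0) {
                    plugin_dav_officious_message();
                    exit;
                } else {
                    plugin_dav_error_exit(404);
                }
            }
            break;
        case 'PUT':
            $pass = NULL;
            if (auth::check_role('readonly')) {
                plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // When attaching needs a password, or is admin-only, read the credentials.
            if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                if (isset($req_headers['Authorization'])) {
                    $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
                }
                // NOTE(review): the 401 for a missing Authorization header is
                // disabled here. With PLUGIN_ATTACH_PASSWORD_REQUIRE set and
                // PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY unset, a request without the
                // header proceeds with $pass === NULL and the attachment is
                // stored with an empty 'pass' status - confirm this is intended.
                //  else
                // PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
                //    plugin_dav_error_exit(401);
            }
            // Admin-only mode. A $pass of TRUE skips the password check; presumably
            // plugin_dav_getbasicpass() returns TRUE for an already trusted user - verify.
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
                plugin_dav_error_exit(401);
            }
            $obj =& plugin_dav_getfileobj($path_info, false);
            if (!isset($obj)) {
                plugin_dav_error_exit(403, 'no page');
            }
            if ($obj->exist) {
                // No temporary file exists yet at this point, so there is nothing to remove.
                plugin_dav_error_exit(403, 'already exist.');
            }
            // Content-Length may be absent (e.g. chunked upload); treat that as 0.
            $size = isset($req_headers['Content-Length']) ? intval($req_headers['Content-Length']) : 0;
            // Windows 7 clients first write 0 bytes, LOCK the file and then come
            // back to overwrite it. PukiWiki basically forbids overwriting, so a
            // 0-byte request is ignored.
            if ($size > 0) {
                if ($size > PLUGIN_ATTACH_MAX_FILESIZE) {
                    plugin_dav_error_exit(403, 'file size error');
                }
                $tmpfilename = tempnam(sys_get_temp_dir(), 'dav');
                if ($tmpfilename === FALSE) {
                    plugin_dav_error_exit(500, 'cannot create temporary file');
                }
                $fp = fopen($tmpfilename, 'wb');
                $putdata = fopen('php://input', 'rb');
                if ($fp === FALSE || $putdata === FALSE) {
                    if ($fp !== FALSE) {
                        fclose($fp);
                    }
                    if ($putdata !== FALSE) {
                        fclose($putdata);
                    }
                    unlink($tmpfilename);
                    plugin_dav_error_exit(500, 'cannot open upload stream');
                }
                // Content-Length is a client claim: count the bytes actually
                // received and enforce the limit on that count as well.
                $size = 0;
                $too_large = FALSE;
                while (!feof($putdata)) {
                    $data = fread($putdata, 1024);
                    // Compare strictly: a chunk consisting of the single byte "0"
                    // is falsy and must not end the copy early.
                    if ($data === FALSE || $data === '') {
                        break;
                    }
                    $size += strlen($data);
                    if ($size > PLUGIN_ATTACH_MAX_FILESIZE) {
                        $too_large = TRUE;
                        break;
                    }
                    fwrite($fp, $data);
                }
                fclose($putdata);
                fclose($fp);
                if ($too_large) {
                    unlink($tmpfilename);
                    plugin_dav_error_exit(403, 'file size error');
                }
                // Do not record status for an attachment that was never written.
                if (!copy($tmpfilename, $obj->filename)) {
                    unlink($tmpfilename);
                    plugin_dav_error_exit(406, "can't copy it");
                }
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                if (is_page($obj->page)) {
                    touch(get_filename($obj->page));
                }
                $obj->getstatus();
                // NOTE(review): the attachment password is kept as an unsalted MD5.
                // Left unchanged because the status format is presumably shared
                // with the attach plugin - confirm before moving to password_hash().
                $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
                $obj->putstatus();
                unlink($tmpfilename);
            }
            break;
        case 'DELETE':
            // FIXME
            // Folders cannot be deleted, yet the request is handled as if they had been.
            //
            $pass = NULL;
            if (auth::check_role('readonly')) {
                plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // When attaching needs a password, or is admin-only, read the credentials.
            if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                if (isset($req_headers['Authorization'])) {
                    $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
                }
                // The 401 for a missing Authorization header is disabled here.
                //  else
                // PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
                //    plugin_dav_error_exit(401);
            }
            // Admin-only mode: see the PUT branch for the meaning of $pass === TRUE.
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
                plugin_dav_error_exit(401);
            }
            $obj =& plugin_dav_getfileobj($path_info, false);
            if (!isset($obj)) {
                plugin_dav_error_exit(403);
            }
            if ($obj->getstatus() == FALSE) {
                plugin_dav_error_exit(404);
            }
            // The password check for the individual attachment is left to delete().
            $obj->delete($pass);
            if (file_exists($obj->filename)) {
                plugin_dav_error_exit(406, "can't delete this file");
            }
            break;
        case 'MOVE':
        case 'COPY':
            // Only attachments can be copied or moved.
            // Even a move inside the same page is done as write-then-delete.
            // Copying or moving whole pages is not implemented.
            $pass = NULL;
            if (auth::check_role('readonly')) {
                plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // When attaching needs a password, or is admin-only, read the credentials.
            if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                if (isset($req_headers['Authorization'])) {
                    $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
                }
                // The 401 for a missing Authorization header is disabled here.
                //  else
                // PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
                //    plugin_dav_error_exit(401);
            }
            // Admin-only mode: see the PUT branch for the meaning of $pass === TRUE.
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
                plugin_dav_error_exit(401);
            }
            // FROM (PATH_INFO)
            if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
                $obj1 =& plugin_dav_getfileobj($path_info, false);
            } else {
                // COPY only reads the source.
                $obj1 =& plugin_dav_getfileobj($path_info, true);
            }
            if (!isset($obj1)) {
                plugin_dav_error_exit(403, 'no src page.');
            }
            if ($obj1->getstatus() == FALSE) {
                plugin_dav_error_exit(404);
            }
            // TO (Destination). A missing header becomes '' and is rejected below.
            $destname = isset($req_headers['Destination']) ? $req_headers['Destination'] : '';
            if (strpos($destname, plugin_dav_myurl0()) === 0) {
                $destname = substr($destname, strlen(plugin_dav_myurl0()));
            }
            if (strpos($destname, $scriptname) === 0) {
                // NOTE(review): $destname is client-supplied and URL-decoded here;
                // keeping it inside the attachment store depends on
                // plugin_dav_getfileobj() - verify it rejects '..' segments.
                $destname = urldecode(substr($destname, strlen($scriptname)));
            } else {
                plugin_dav_error_exit(403, 'not dav directory.');
            }
            $obj2 =& plugin_dav_getfileobj($destname, false);
            if (!isset($obj2)) {
                plugin_dav_error_exit(403, 'no dst page.');
            }
            if ($obj2->exist) {
                plugin_dav_error_exit(403, 'already exist');
            }
            if (copy($obj1->filename, $obj2->filename)) {
                chmod($obj2->filename, PLUGIN_ATTACH_FILE_MODE);
            } else {
                plugin_dav_error_exit(406, "can't copy it");
            }
            // COPY
            if (is_page($obj2->page)) {
                touch(get_filename($obj2->page));
            }
            $obj2->getstatus();
            // Unsalted MD5, as in the PUT branch.
            $obj2->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
            $obj2->putstatus();
            // MOVE(DELETE)
            if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
                $obj1->delete($pass);
                if (file_exists($obj1->filename)) {
                    plugin_dav_error_exit(406, "can't delete this file");
                }
            }
            break;
        // A draft MKCOL handler that created a page via page_write() used to sit
        // here, commented out (twice). Its author noted that its security was
        // unverified, that another check was probably needed, and that it is of
        // little use for Windows clients without page rename. MKCOL is answered
        // with 501 below.
        case 'PROPPATCH':
            // Dummy routine: Windows 7 clients come back to delete the file when
            // PROPPATCH fails, so a canned success response is sent.
            //
            header('HTTP/1.1 207 Multi-Status');
            header('Content-Type: text/xml');
            $doc = plugin_dav_proppatch_dummy_response($_SERVER['REQUEST_URI']);
            echo $doc->saveXML();
            exit;
        case 'MKCOL':
        case 'LOCK':
        case 'UNLOCK':
        case 'POST':
            plugin_dav_error_exit(501);
            // Method not Implemented
            break;
        default:
            plugin_dav_error_exit(405);
            // Method not Allowed
    }
}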
Exemplo n.º 29
 /**
  * Try an admin login with the submitted password, falling back to the
  * value kept in the admin cookie when no password was submitted.
  *
  * On success the accepted value is handed to set_admincookie().
  * NOTE(review): that value is the password itself as received; check that
  * set_admincookie() does not place it in the cookie in recoverable form.
  *
  * @return boolean TRUE when pkwk_login() accepts the value, FALSE otherwise
  */
 function login()
 {
     global $vars;
     // The cookie is only consulted when the request carries no 'pass' value.
     if (isset($vars['pass'])) {
         $candidate = $vars['pass'];
     } else {
         $candidate = $this->get_admincookie();
     }
     if (!pkwk_login($candidate)) {
         return FALSE;
     }
     $this->set_admincookie($candidate);
     return TRUE;
 }
Exemplo n.º 30
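 /**
  * PukiWiki admin login with session
  *
  * Decides whether the caller is an administrator from up to three sources:
  * the role check of the auth class (when $use_basicauth is set and the
  * class is available), the supplied password, and a flag kept in the
  * session (when $use_session is set).
  *
  * @param string $pass Admin password to verify; skipped when null
  * @param boolean $use_session Use Session log: remember a successful check
  *                             in $_SESSION['is_admin'] and accept that flag
  * @param boolean $use_basicauth Use BasicAuth log: consult auth::check_role()
  * @return boolean
  */
 function is_admin($pass = null, $use_session = false, $use_basicauth = false)
 {
     $is_admin = FALSE;
     if ($use_basicauth) {
         if (is_callable(array('auth', 'check_role'))) {
             // Plus!
             // The result is negated: check_role() presumably returns TRUE when
             // the role is NOT held - verify against the auth class.
             $is_admin = !auth::check_role('role_adm_contents');
         }
     }
     if (!$is_admin && isset($pass)) {
         if (function_exists('pkwk_login')) {
             $is_admin = pkwk_login($pass);
         } else {
             // 1.4.3 fallback: the stored admin password is an unsalted MD5.
             $stored = isset($GLOBALS['adminpass']) ? $GLOBALS['adminpass'] : NULL;
             $digest = md5($pass);
             if (!is_string($stored)) {
                 $is_admin = FALSE;
             } elseif (function_exists('hash_equals')) {
                 // Constant-time comparison of the two digests.
                 $is_admin = hash_equals($stored, $digest);
             } else {
                 $is_admin = $digest === $stored;
             }
         }
     }
     if ($use_session) {
         // Only start a session when none is active yet.
         if (session_id() === '') {
             session_start();
         }
         if ($is_admin) {
             if (empty($_SESSION['is_admin'])) {
                 // Issue a fresh session id on the privilege change so that an id
                 // known before the login does not become an admin session.
                 session_regenerate_id(TRUE);
             }
             $_SESSION['is_admin'] = TRUE;
         }
         return isset($_SESSION['is_admin']) && $_SESSION['is_admin'];
     } else {
         return $is_admin;
     }
 }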