Exemplo n.º 1
0
function plugin_doc_ini_action()
{
    global $script, $vars, $_doc_ini_msg;
    if (auth::check_role('role_adm_contents')) {
        die_message('NOT AUTHORIZED.');
    }
    if (empty($vars['page'])) {
        return;
    }
    if (!is_pagename($vars['page'])) {
        return '';
    }
    // Invalid page name;
    $action = empty($vars['action']) ? '' : $vars['action'];
    $retval = array();
    $msg_title = sprintf($_doc_ini_msg['msg_confirmation'], $vars['page']);
    if ($action === 'exec') {
        return plugin_doc_ini_exec($vars['page']);
    }
    $retval['body'] = <<<EOD
<form action="{$script}" method="post">
        <div>
\t{$msg_title}
                <input type="hidden" name="plugin" value="doc_ini" />
                <input type="hidden" name="action" value="exec" />
                <input type="hidden" name="page" value="{$vars['page']}" />
                <input type="submit" value="{$_doc_ini_msg['btn_exec']}" />
        </div>
</form>

EOD;
    $retval['msg'] = $_doc_ini_msg['title_confirmation'];
    return $retval;
}
Exemplo n.º 2
0
function plugin_insert_convert()
{
    global $script, $vars, $digest;
    static $numbers = array();
    $_btn_insert = _('add');
    // if (PKWK_READONLY) return ''; // Show nothing
    if (auth::check_role('readonly')) {
        return '';
    }
    // Show nothing
    if (!isset($numbers[$vars['page']])) {
        $numbers[$vars['page']] = 0;
    }
    $insert_no = $numbers[$vars['page']]++;
    $s_page = htmlspecialchars($vars['page']);
    $s_digest = htmlspecialchars($digest);
    $s_cols = INSERT_COLS;
    $s_rows = INSERT_ROWS;
    $string = <<<EOD
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="insert_no" value="{$insert_no}" />
  <input type="hidden" name="refer"  value="{$s_page}" />
  <input type="hidden" name="plugin" value="insert" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <textarea name="msg" rows="{$s_rows}" cols="{$s_cols}"></textarea><br />
  <input type="submit" name="insert" value="{$_btn_insert}" />
 </div>
</form>
EOD;
    return $string;
}
Exemplo n.º 3
0
function count_files($no = 0, $pref = '')
{
    // 0:DATA, 1:TB, 2:Referer, 3: DIFF, 4:BKUP, 5:CTR
    static $dir = array(DATA_DIR, TRACKBACK_DIR, REFERER_DIR, DIFF_DIR, BACKUP_DIR, COUNTER_DIR);
    static $ext = array('.txt', '.txt', '.ref', '.txt', BACKUP_EXT, '.count');
    // コンテンツ管理者以上は、全てのファイルを対象にする
    if (!auth::check_role('role_adm_contents')) {
        $pages = get_existpages($dir[$no], $ext[$no]);
    } else {
        // 自分が閲覧できるページ数のみ戻す
        $pages = auth::get_existpages($dir[$no], $ext[$no]);
    }
    // 条件なし
    if (empty($pref)) {
        return count($pages);
    }
    // 指定文書のカウント
    $i = 0;
    foreach ($pages as $page) {
        if (strpos($page, $pref) === 0) {
            $i++;
        }
    }
    return $i;
}
Exemplo n.º 4
0
function plugin_newpage_action()
{
    global $vars;
    $_btn_edit = _('Edit');
    $_msg_newpage = _('New page');
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }
    if ($vars['page'] == '') {
        $retvars['msg'] = $_msg_newpage;
        $retvars['body'] = plugin_newpage_convert();
        return $retvars;
    } else {
        $page = strip_bracket($vars['page']);
        if (isset($vars['refer'])) {
            $r_page = get_fullname($page, $vars['refer']);
            $r_refer = 'refer=' . $vars['refer'];
        } else {
            $r_page = $page;
            $r_refer = '';
        }
        pkwk_headers_sent();
        header('Location: ' . get_page_location_uri($r_page, $r_refer));
        exit;
    }
}
Exemplo n.º 5
0
function plugin_version_value()
{
    //	if (PKWK_SAFE_MODE) return '';
    if (auth::check_role('safemode')) {
        return '';
    }
    return S_VERSION;
}
Exemplo n.º 6
0
function plugin_read_action()
{
    global $vars, $_title_invalidwn, $_msg_invalidiwn;
    $page = isset($vars['page']) ? $vars['page'] : '';
    if (is_page($page)) {
        // ページを表示
        check_readable($page, true, true);
        header_lastmod($page);
        return array('msg' => '', 'body' => '');
        // } else if (! PKWK_SAFE_MODE && is_interwiki($page)) {
    } else {
        if (!auth::check_role('safemode') && is_interwiki($page)) {
            return do_plugin_action('interwiki');
            // InterWikiNameを処理
        } else {
            if (is_pagename($page)) {
                $realpages = get_autoaliases($page);
                if (count($realpages) == 1) {
                    $realpage = $realpages[0];
                    if (is_page($realpage)) {
                        header('HTTP/1.0 301 Moved Permanently');
                        header('Location: ' . get_page_location_uri($realpage));
                        return;
                    } elseif (is_url($realpage)) {
                        header('HTTP/1.0 301 Moved Permanently');
                        header('Location: ' . $realpage);
                        return;
                    } elseif (is_interwiki($realpage)) {
                        header('HTTP/1.0 301 Moved Permanently');
                        $vars['page'] = $realpage;
                        return do_plugin_action('interwiki');
                        // header('Location');
                    } else {
                        // 存在しない場合、直接編集フォームに飛ばす // To avoid infinite loop
                        header('Location: ' . get_location_uri('edit', $realpage));
                        return;
                    }
                } elseif (count($realpages) >= 2) {
                    $body = '<p>';
                    $body .= _('This pagename is an alias to') . '<br />';
                    $link = '';
                    foreach ($realpages as $realpage) {
                        $link .= '[[' . $realpage . '>' . $realpage . ']]&br;';
                    }
                    $body .= make_link($link);
                    $body .= '</p>';
                    return array('msg' => _('Redirect'), 'body' => $body);
                }
                $vars['cmd'] = 'edit';
                return do_plugin_action('edit');
                // 存在しないので、編集フォームを表示
            } else {
                // 無効なページ名
                return array('msg' => $_title_invalidwn, 'body' => str_replace('$1', htmlspecialchars($page), str_replace('$2', 'WikiName', $_msg_invalidiwn)));
            }
        }
    }
}
Exemplo n.º 7
0
function plugin_server_convert()
{
    // if (PKWK_SAFE_MODE) return ''; // Show nothing
    if (auth::check_role('safemode')) {
        return '';
    }
    // Show nothing
    return '<dl>' . "\n" . '<dt>Server Name</dt>' . '<dd>' . SERVER_NAME . '</dd>' . "\n" . '<dt>Server Software</dt>' . '<dd>' . SERVER_SOFTWARE . '</dd>' . "\n" . '<dt>Server Admin</dt>' . '<dd>' . '<a href="mailto:' . SERVER_ADMIN . '">' . SERVER_ADMIN . '</a></dd>' . "\n" . '</dl>' . "\n";
}
Exemplo n.º 8
0
function plugin_phpinfo_action()
{
    // if (auth::check_role('role_adm_contents') return '';
    if (auth::check_role('role_adm')) {
        return '';
    }
    phpinfo();
    die;
}
Exemplo n.º 9
0
function plugin_yetlist_action()
{
    //	global $_title_yetlist, $_err_notexist, $_symbol_noexists, $non_list;
    global $_symbol_noexists, $non_list, $whatsdeleted;
    $retval = array('msg' => _('List of pages which have not yet been created.'), 'body' => '');
    // Diff
    $pages = array_diff(auth::get_existpages(CACHE_DIR, '.ref'), auth::get_existpages());
    if (empty($pages)) {
        $retval['body'] = _('All pages have been created.');
        return $retval;
    }
    $empty = TRUE;
    // Load .ref files and Output
    $refer_regex = '/' . $non_list . '|^' . preg_quote($whatsdeleted, '/') . '$/S';
    asort($pages, SORT_STRING);
    foreach ($pages as $file => $page) {
        $refer = array();
        foreach (file(CACHE_DIR . $file) as $line) {
            list($_page) = explode("\t", rtrim($line));
            $refer[] = $_page;
        }
        // Diff
        $refer = array_diff($refer, preg_grep($refer_regex, $refer));
        if (!empty($refer)) {
            $empty = FALSE;
            $refer = array_unique($refer);
            sort($refer, SORT_STRING);
            $r_refer = '';
            $link_refs = array();
            foreach ($refer as $_refer) {
                $r_refer = rawurlencode($_refer);
                $link_refs[] = '<a href="' . get_page_uri($_refer) . '">' . htmlspecialchars($_refer) . '</a>';
            }
            $link_ref = join(' ', $link_refs);
            unset($link_refs);
            $s_page = htmlspecialchars($page);
            //			if (PKWK_READONLY) {
            if (auth::check_role('readonly')) {
                $href = $s_page;
            } else {
                // Dangling link
                $href = '<span class="noexists">' . $s_page . '<a href="' . get_cmd_uri('edit', $page, '', 'refer=' . $r_refer) . '">' . $_symbol_noexists . '</a></span>';
            }
            $retval['body'] .= '<li>' . $href . ' <em>(' . $link_ref . ')</em></li>' . "\n";
        }
    }
    if ($empty) {
        $retval['body'] = $_err_notexist;
        return $retval;
    }
    if ($retval['body'] != '') {
        $retval['body'] = '<ul>' . "\n" . $retval['body'] . '</ul>' . "\n";
    }
    return $retval;
}
Exemplo n.º 10
0
function plugin_stationary_action()
{
    // See above
    // if (PKWK_SAFE_MODE || PKWK_READONLY)
    if (auth::check_role('safemode') || auth::check_role('readonly')) {
        die_message('PKWK_SAFE_MODE or PKWK_READONLY prohibits this');
    }
    $msg = 'Message';
    $body = 'Message body';
    return array('msg' => htmlspecialchars($msg), 'body' => htmlspecialchars($body));
}
Exemplo n.º 11
0
function plugin_add_action()
{
    global $get, $post, $vars;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits editing');
    }
    $page = isset($vars['page']) ? $vars['page'] : '';
    check_editable($page);
    $get['add'] = $post['add'] = $vars['add'] = TRUE;
    return array('msg' => _("Add to \$1"), 'body' => '<ul>' . "\n" . ' <li>' . _('Two and the contents of an input are added for a new-line to the contents of a page of present addition.') . '</li>' . "\n" . '</ul>' . "\n" . edit_form($page, ''));
}
Exemplo n.º 12
0
function ref_save($page)
{
    global $referer, $use_spam_check;
    // if (PKWK_READONLY || ! $referer || empty($_SERVER['HTTP_REFERER'])) return TRUE;
    if (auth::check_role('readonly') || !$referer || empty($_SERVER['HTTP_REFERER'])) {
        return TRUE;
    }
    $url = $_SERVER['HTTP_REFERER'];
    // Validate URI (Ignore own)
    $parse_url = parse_url($url);
    if ($parse_url === FALSE || !isset($parse_url['host']) || $parse_url['host'] == $_SERVER['HTTP_HOST']) {
        return TRUE;
    }
    // Blocking SPAM
    if ($use_spam_check['referer'] && SpamCheck($parse_url['host'])) {
        return TRUE;
    }
    if (!is_dir(REFERER_DIR)) {
        die('No such directory: REFERER_DIR');
    }
    if (!is_writable(REFERER_DIR)) {
        die('Permission denied to write: REFERER_DIR');
    }
    // Update referer data
    if (ereg("[,\"\n\r]", $url)) {
        $url = '"' . str_replace('"', '""', $url) . '"';
    }
    $data = ref_get_data($page, 3);
    $d_url = rawurldecode($url);
    if (!isset($data[$d_url])) {
        $data[$d_url] = array('', UTIME, 0, $url, 1);
    }
    $data[$d_url][0] = UTIME;
    $data[$d_url][2]++;
    $filename = ref_get_filename($page);
    $fp = fopen($filename, 'w');
    if ($fp === FALSE) {
        return FALSE;
    }
    set_file_buffer($fp, 0);
    @flock($fp, LOCK_EX);
    rewind($fp);
    foreach ($data as $line) {
        $str = trim(join(',', $line));
        if ($str != '') {
            fwrite($fp, $str . "\n");
        }
    }
    @flock($fp, LOCK_UN);
    fclose($fp);
    return TRUE;
}
Exemplo n.º 13
0
function plugin_showrss_action()
{
    // if (PKWK_SAFE_MODE) die_message('PKWK_SAFE_MODE prohibit this');
    if (auth::check_role('safemode')) {
        die_message('PKWK_SAFE_MODE prohibits this');
    }
    $body = '';
    foreach (array('xml', 'mbstring') as $extension) {
        ${$extension} = extension_loaded($extension) ? '&color(green){Found};' : '&color(red){Not found};';
        $body .= '| ' . $extension . ' extension | ' . ${$extension} . ' |' . "\n";
    }
    return array('msg' => 'showrss_info', 'body' => convert_html($body));
}
Exemplo n.º 14
0
function plugin_code_action()
{
    global $vars;
    global $_source_messages;
    // if (PKWK_SAFE_MODE) die_message('PKWK_SAFE_MODE prohibits this');
    if (auth::check_role('safemode')) {
        die_message('PKWK_SAFE_MODE prohibits this');
    }
    $vars['refer'] = $vars['page'];
    if (!is_page($vars['page']) || !check_readable($vars['page'], false, false)) {
        return array('msg' => $_source_messages['msg_notfound'], 'body' => $_source_messages['err_notfound']);
    }
    return array('msg' => $_source_messages['msg_title'], 'body' => plugin_code_convert('pukiwiki', join('', get_source($vars['page'])) . "\n"));
}
Exemplo n.º 15
0
function plugin_freeze_action()
{
    global $script, $vars, $function_freeze;
    $_title_isfreezed = _(' $1 has already been frozen');
    $_title_freezed = _(' $1 has been frozen.');
    $_title_freeze = _('Freeze  $1');
    $_msg_invalidpass = _('Invalid password.');
    $_msg_freezing = _('Please input the password for freezing.');
    $_btn_freeze = _('Freeze');
    $page = isset($vars['page']) ? $vars['page'] : '';
    if (!$function_freeze || is_cantedit($page) || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }
    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;
    $msg = $body = '';
    if (is_freeze($page)) {
        // Freezed already
        $msg =& $_title_isfreezed;
        $body = str_replace('$1', htmlspecialchars(strip_bracket($page)), $_title_isfreezed);
    } else {
        if (!auth::check_role('role_adm_contents') || $pass !== NULL && pkwk_login($pass)) {
            // Freeze
            $postdata = get_source($page);
            array_unshift($postdata, "#freeze\n");
            file_write(DATA_DIR, $page, join('', $postdata), TRUE);
            // Update
            is_freeze($page, TRUE);
            $vars['cmd'] = 'read';
            $msg =& $_title_freezed;
            $body = '';
        } else {
            // Show a freeze form
            $msg =& $_title_freeze;
            $s_page = htmlspecialchars($page);
            $body = $pass === NULL ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
            $body .= <<<EOD
<p>{$_msg_freezing}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden"   name="cmd"  value="freeze" />
  <input type="hidden"   name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit"   name="ok"   value="{$_btn_freeze}" />
 </div>
</form>
EOD;
        }
    }
    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 16
0
function plugin_filelist_action()
{
    global $vars;
    if (!auth::check_role('role_adm_contents')) {
        return do_plugin_action('list');
    }
    if (!isset($vars['pass'])) {
        return filelist_adm('');
    }
    if (!pkwk_login($vars['pass'])) {
        return filelist_adm('__nopass__');
    }
    return do_plugin_action('list');
}
Exemplo n.º 17
0
function plugin_nonlist_action()
{
    global $vars;
    $_title_nonlist = _('List of non_list pages');
    if (auth::check_role('role_adm_contents')) {
        return '';
    }
    if (isset($vars['env'])) {
        $cmd = 2;
    } elseif (isset($vars['col'])) {
        $cmd = 1;
    } else {
        $cmd = 0;
    }
    return array('msg' => $_title_nonlist, 'body' => plugin_nonlist_getlist($cmd));
}
Exemplo n.º 18
0
function plugin_htdigest_action()
{
    global $vars, $_htdigest_msg;
    $msg = 'htdigest';
    $body = '';
    $func = empty($vars['func']) ? '' : $vars['func'];
    if (htdigest_is_iis()) {
        return array('msg' => $msg, 'body' => $_htdigest_msg['msg_iis']);
    }
    // 初回起動時
    if (empty($func)) {
        return array('msg' => $msg, 'body' => htdigest_menu());
    }
    // プラグインによる書き込み制限の場合
    if (!USE_APACHE_WRITE_FUNC) {
        return array('msg' => $msg, 'body' => htdigest_menu($_htdigest_msg['err_not_use']));
    }
    switch ($func) {
        case 'save':
            // サイト管理者権限が無い場合
            if (auth::check_role('role_adm')) {
                return array('msg' => $msg, 'body' => htdigest_menu($_htdigest_msg['err_role']));
            }
            // ADM
            if (USE_APACHE_WRITE_FUNC) {
                $rc_msg = htdigest_save($vars['username'], $vars['realm'], $vars['hash'], 2);
            }
            return array('msg' => $msg, 'body' => htdigest_menu($rc_msg));
        case 'update':
            // サイト管理者未満は、自分のパスワードのみ更新ができる
            $role_level = auth::get_role_level();
            if ($role_level < 2) {
                // Guest
                return array('msg' => $msg, 'body' => htdigest_menu($_htdigest_msg['err_role']));
            }
            // Auth User
            global $realm;
            $user = auth::check_auth();
            if (USE_APACHE_WRITE_FUNC) {
                $rc_msg = htdigest_save($user, $realm, $vars['hash'], $role_level);
            }
            return array('msg' => $msg, 'body' => htdigest_menu($rc_msg));
        default:
            $body = $_htdigest_msg['msg_err'];
    }
    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 19
0
function replace_adm($pass, $search)
{
    global $_replace_msg;
    global $script;
    global $_button;
    $label1 = $_replace_msg['msg_input_search_word'];
    $label2 = $_replace_msg['msg_input_replace_word'];
    $btn = $_replace_msg['btn_exec'];
    $label3 = $_button['notchangetimestamp'];
    $body = '';
    if (!auth::check_role('role_adm_contents')) {
        $msg = $_replace_msg['msg_input_str'];
        $body_pass = "******";
    } else {
        $msg = $_replace_msg['msg_input_pass'];
        $body_pass = <<<EOD
  Password<br />
  <input type="password" name="pass" size="12" /> <br />

EOD;
        if ($pass == 'pass') {
            $body .= '<p><strong>' . $_replace_msg['msg_warn_pass'] . "</strong></p>\n";
        } elseif ($pass != '__nopass__') {
            $body .= '<p><strong>' . $_replace_msg['msg_no_pass'] . "</strong></p>\n";
        }
    }
    if ($search === '') {
        $body .= '<p><strong>' . $_replace_msg['msg_no_search'] . "</strong></p>\n";
    }
    $body .= <<<EOD
<p>{$msg}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="replace" />
  {$label1}<br />
  <input type="text" name="search" size="24" /> <br />
  {$label2}<br />
  <input type="text" name="replace" size="24" /> <br />
{$body_pass}
  <input type="checkbox" name="notimestamp" />{$label3}
  <input type="submit" name="ok" value="{$btn}" />
 </div>
</form>
EOD;
    return array('msg' => $_replace_msg['msg_H0_replace'], 'body' => $body);
}
function plugin_monobook_login_action()
{
    global $vars, $auth_users, $_msg_auth, $_monobook_login_messages;
    if (!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
    }
    if (auth::check_role('readonly') || !isset($_SERVER['PHP_AUTH_USER']) || !isset($auth_users[$_SERVER['PHP_AUTH_USER']]) || !isset($_SERVER['PHP_AUTH_PW']) || pkwk_hash_compute($_SERVER['PHP_AUTH_PW'], $auth_users[$_SERVER['PHP_AUTH_USER']]) !== $auth_users[$_SERVER['PHP_AUTH_USER']]) {
        pkwk_common_headers();
        header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
        header('HTTP/1.0 401 Unauthorized');
        $msg = $_monobook_login_messages['auth_failed'];
        return array('msg' => $msg, 'body' => '<p>' . $msg . '</p>');
    } elseif (isset($vars['refer']) && is_page($vars['refer'])) {
        header('Location: ' . get_script_uri() . '?' . rawurlencode($vars['refer']));
    }
    return;
}
Exemplo n.º 21
0
function plugin_source_action()
{
    global $vars;
    //, $_source_messages;
    // if (PKWK_SAFE_MODE) die_message('PKWK_SAFE_MODE prohibits this');
    if (auth::check_role('safemode')) {
        die_message('PKWK_SAFE_MODE prohibits this');
    }
    $page = isset($vars['page']) ? $vars['page'] : '';
    $vars['refer'] = $page;
    if (!is_page($page) || !check_readable($page, false, false)) {
        return array('msg' => _(' $1 was not found.'), 'body' => _('cannot display the page source.'));
    }
    $source = join('', get_source($page));
    auth::is_role_page($source);
    return array('msg' => _('Source of  $1'), 'body' => '<pre id="source">' . htmlspecialchars($source) . '</pre>');
}
Exemplo n.º 22
0
/**
 * make_backup
 * バックアップを作成する
 *
 * @access    public
 * @param     String    $page        ページ名
 * @param     Boolean   $delete      TRUE:バックアップを削除する
 *
 * @return    Void
 */
function make_backup($page, $delete = FALSE)
{
    global $cycle, $maxage;
    global $do_backup, $del_backup;
    // if (PKWK_READONLY || ! $do_backup) return;
    if (auth::check_role('readonly') || !$do_backup) {
        return;
    }
    if ($del_backup && $delete) {
        _backup_delete($page);
        return;
    }
    if (!is_page($page)) {
        return;
    }
    $lastmod = _backup_get_filetime($page);
    if ($lastmod == 0 || UTIME - $lastmod > 60 * 60 * $cycle) {
        $backups = get_backup($page);
        $count = count($backups) + 1;
        // 直後に1件追加するので、(最大件数 - 1)を超える要素を捨てる
        if ($count > $maxage) {
            array_splice($backups, 0, $count - $maxage);
        }
        $strout = '';
        foreach ($backups as $age => $data) {
            // BugTrack/685 by UPK
            //$strout .= PKWK_SPLITTER . ' ' . $data['time'] . "\n"; // Splitter format
            $strout .= PKWK_SPLITTER . ' ' . $data['time'] . ' ' . $data['real'] . "\n";
            // Splitter format
            $strout .= join('', $data['data']);
            unset($backups[$age]);
        }
        $strout = preg_replace("/([^\n])\n*\$/", "\$1\n", $strout);
        // Escape 'lines equal to PKWK_SPLITTER', by inserting a space
        $body = preg_replace('/^(' . preg_quote(PKWK_SPLITTER) . "\\s\\d+(\\s(\\d+)|))\$/", '$1 ', get_source($page));
        // BugTrack/685 by UPK
        // $body = PKWK_SPLITTER . ' ' . get_filetime($page) . "\n" . join('', $body);
        $body = PKWK_SPLITTER . ' ' . get_filetime($page) . ' ' . UTIME . "\n" . join('', $body);
        $body = preg_replace("/\n*\$/", "\n", $body);
        $fp = _backup_fopen($page, 'wb') or die_message('Cannot open ' . htmlspecialchars(_backup_get_filename($page)) . '<br />Maybe permission is not writable or filename is too long');
        _backup_fputs($fp, $strout);
        _backup_fputs($fp, $body);
        _backup_fclose($fp);
    }
}
Exemplo n.º 23
0
function plugin_interwiki_action()
{
    global $vars, $InterWikiName;
    // if (PKWK_SAFE_MODE) die_message('InterWiki plugin is not allowed');
    if (auth::check_role('safemode')) {
        die_message('InterWiki plugin is not allowed');
    }
    $match = array();
    if (!preg_match("/^{$InterWikiName}\$/", $vars['page'], $match)) {
        return plugin_interwiki_invalid();
    }
    $url = get_interwiki_url($match[2], $match[3]);
    if ($url === FALSE) {
        return plugin_interwiki_invalid();
    }
    pkwk_headers_sent();
    header('Location: ' . $url);
    exit;
}
Exemplo n.º 24
0
function plugin_topicpath_inline()
{
    global $vars, $defaultpage, $topicpath;
    if (isset($topicpath) && $topicpath == false) {
        return '';
    }
    $page = isset($vars['page']) ? $vars['page'] : '';
    if ($page == '' || $page == $defaultpage) {
        return '';
    }
    $parts = explode('/', $page);
    $b_link = TRUE;
    if (PLUGIN_TOPICPATH_THIS_PAGE_DISPLAY) {
        $b_link = PLUGIN_TOPICPATH_THIS_PAGE_LINK;
    } else {
        array_pop($parts);
        // Remove the page itself
    }
    $topic_path = array();
    while (!empty($parts)) {
        $_landing = join('/', $parts);
        $element = htmlspecialchars(array_pop($parts));
        if (!$b_link) {
            // This page ($_landing == $page)
            $b_link = TRUE;
            $topic_path[] = $element;
            // } else if (PKWK_READONLY && ! is_page($_landing)) {
        } else {
            if (auth::check_role('readonly') && !is_page($_landing)) {
                // Page not exists
                $topic_path[] = $element;
            } else {
                // Page exists or not exists
                $topic_path[] = '<a href="' . get_page_uri($_landing) . '">' . $element . '</a>';
            }
        }
    }
    if (PLUGIN_TOPICPATH_TOP_DISPLAY) {
        $topic_path[] = make_pagelink($defaultpage, PLUGIN_TOPICPATH_TOP_LABEL);
    }
    return join(PLUGIN_TOPICPATH_TOP_SEPARATOR, array_reverse($topic_path));
}
Exemplo n.º 25
0
function plugin_list_action()
{
    global $vars;
    //	global $_title_list,$_title_filelist;
    $_title_list = _('List of pages');
    $_title_filelist = _('List of page files');
    // Redirected from filelist plugin?
    $filelist = isset($vars['cmd']) && $vars['cmd'] == 'filelist';
    if ($filelist) {
        if (!auth::check_role('role_adm_contents')) {
            $filelist = TRUE;
        } else {
            if (!pkwk_login($vars['pass'])) {
                $filelist = FALSE;
            }
        }
    }
    $listcmd = isset($vars['listcmd']) ? $vars['listcmd'] : 'read';
    return array('msg' => $filelist ? $_title_filelist : $_title_list, 'body' => plugin_list_getlist($filelist, $listcmd));
}
Exemplo n.º 26
0
function plugin_dump_action()
{
    global $vars, $auth_users, $realm;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message(_("PKWK_READONLY prohibits this"));
    }
    $msg = PLUGIN_DUMP_ALLOW_RESTORE ? _("dump & restore") : _("dump");
    $body = '';
    while (auth::check_role('role_adm')) {
        unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        if (!auth::auth_pw($auth_users)) {
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
            header('HTTP/1.0 401 Unauthorized');
            $body = "<p><strong>" . _("The password is different.") . "</strong></p>\n";
            return array('msg' => $msg, 'body' => $body);
        }
    }
    // メニューを表示する必要があるか?
    if (!isset($vars['menu'])) {
        // 入力フォームを表示
        $body = plugin_dump_disp_form();
        return array('msg' => $msg, 'body' => $body);
    }
    $act = isset($vars['act']) ? $vars['act'] : NULL;
    set_time_limit(0);
    switch ($act) {
        case PLUGIN_DUMP_DUMP:
            $body = plugin_dump_download();
            break;
        case PLUGIN_DUMP_RESTORE:
            $retcode = plugin_dump_upload();
            $msg = $retcode['code'] == TRUE ? _("Up-loading was completed.") : _("It failed in up-loading.");
            $body = $retcode['msg'];
            break;
        default:
            // 無効な命令です。
            $body = _("It is an invalid instruction.");
    }
    return array('msg' => $msg, 'body' => $body);
}
function plugin_update_entities_action()
{
    global $script, $vars;
    global $_entities_messages;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits this');
    }
    $msg = $body = '';
    $admin_pass = empty($vars['adminpass']) ? '' : $vars['adminpass'];
    if (isset($vars['menu']) && (!auth::check_role('role_adm_contents') || pkwk_login($admin_pass))) {
        set_time_limit(0);
        plugin_update_entities_create(TRUE);
        $msg =& $_entities_messages['title_update'];
        $body =& $_entities_messages['msg_done'];
        return array('msg' => $msg, 'body' => $body);
    }
    $msg =& $_entities_messages['title_update'];
    $items = plugin_update_entities_create();
    $body = convert_html(sprintf($_entities_messages['msg_usage1'], join("\n" . '-', $items)));
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="update_entities" />
  <input type="hidden" name="menu"   value="1" />
EOD;
    if (auth::check_role('role_adm_contents')) {
        $body .= convert_html(sprintf($_entities_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_update_entities_adminpass">{$_entities_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
EOD;
    }
    $body .= <<<EOD
  <input type="submit" value="{$_entities_messages['btn_submit']}" />
 </div>
</form>
EOD;
    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 28
0
function plugin_links_action()
{
    global $script, $post, $vars, $foot_explain;
    global $_links_messages;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message(_("PKWK_READONLY prohibits this"));
    }
    $admin_pass = empty($post['adminpass']) ? '' : $post['adminpass'];
    if (isset($vars['menu']) && (!auth::check_role('role_adm_contents') || pkwk_login($admin_pass))) {
        set_time_limit(0);
        links_init();
        $foot_explain = array();
        // Exhaust footnotes
        $msg =& $_links_messages['title_update'];
        $body =& $_links_messages['msg_done'];
        return array('msg' => $msg, 'body' => $body);
    }
    $msg =& $_links_messages['title_update'];
    $body = convert_html(sprintf($_links_messages['msg_usage1']));
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="links" />
  <input type="hidden" name="menu" value="1" />
EOD;
    if (auth::check_role('role_adm_contents')) {
        $body .= convert_html(sprintf($_links_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_links_adminpass">{$_links_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_links_adminpass" size="20" value="" />
EOD;
    }
    $body .= <<<EOD
  <input type="submit" value="{$_links_messages['btn_submit']}" />
 </div>
</form>
EOD;
    return array('msg' => $msg, 'body' => $body);
}
Exemplo n.º 29
0
/**
 * check_role plugin
 *
 * @copyright   Copyright &copy; 2006-2008, Katsumi Saito <*****@*****.**>
 * @version     $Id: check_role.inc.php,v 0.5 2008/01/05 20:56:00 upk Exp $
 * @license     http://opensource.org/licenses/gpl-license.php GNU Public License (GPL2)
 *
 */
function plugin_check_role_convert()
{
    global $check_role;
    if (!$check_role) {
        return '<p>check_role: The function is invalid.</p>';
    }
    // role         - 0:Guest, 2:Webmaster, 3:Contents manager, 4:Authorized
    // chk_role_str - 0,1,4: Authorized, 2:Webmaster, 3:Contents manager
    static $chk_role_str = array('role_auth', 'role_auth', 'role_adm', 'role_adm_contents', 'role_auth');
    $argv = func_get_args();
    $argc = func_num_args();
    $field = array('chk_role');
    for ($i = 0; $i < $argc; $i++) {
        ${$field}[$i] = $argv[$i];
    }
    if (empty($chk_role)) {
        $chk_role = 0;
    }
    $role_func = empty($chk_role_str[$chk_role]) ? 'role_auth' : $chk_role_str[$chk_role];
    if (!auth::check_role($role_func)) {
        return '';
    }
    check_role_die('It is necessary to attest it to inspect this page.');
}
Exemplo n.º 30
0
function plugin_tracker_action()
{
    global $post, $vars, $now;
    //	if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }
    $base = isset($post['_base']) ? $post['_base'] : '';
    $refer = isset($post['_refer']) ? $post['_refer'] : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';
    // $page name to add will be decided here
    $num = 0;
    $name = isset($post['_name']) ? $post['_name'] : '';
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }
    $config = isset($post['_config']) ? $post['_config'] : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';
    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $s_tracker = md5(get_ticket() . $config_name);
        error_log("\$s_tracker: " . $s_tracker);
        error_log("\$_SESSION['tracker']: " . $_SESSION['tracker']);
        //		if ($_SESSION['tracker'] != $s_tracker) {
        //			$spam = TRUE;
        //		}
    } else {
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } else {
            if (PKWK_ENCODING_HINT != '') {
                $spam = TRUE;
            }
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }
    // TODO: Why here
    // Default
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;
    // $_post['_refer'] = $_post['refer'];
    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    pkwk_touch_file(get_filename($page));
    $from = $to = array();
    $tracker_form =& new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    // Load $template
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found');
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
        unset($fields[$field]);
    }
    // Repalace every [$field]s (found inside $template) to real values
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == '') {
            continue;
        }
        // Escape some TextFormattingRules
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } else {
            if ($letter == ',') {
                $escape[','][$linenum] = $template[$linenum];
            } else {
                // TODO: Escape "\n" except multiline-allowed fields
                $subject[$linenum] = $template[$linenum];
            }
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        // Escape for some TextFormattingRules
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);
    // Write $template, without touch
    page_write($page, join('', $template));
    // Create proxy page
    if ($createProxy && ($proxyPage = isset($_post[$createProxy]) ? $_post[$createProxy] : '')) {
        page_write($proxyPage, '#include(' . $page . ',notitle)');
    }
    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}