Пример #1
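/**
 * Build the GUI (CKEditor) edit form for $page.
 *
 * When $guiedit_use_fck is off, the core edit_form() is reused and only its
 * hidden "cmd" field is rewritten so the post comes back to this plugin.
 *
 * @param string      $page       page being edited
 * @param string      $postdata   text to edit (passed through to edit_form() in plain mode)
 * @param string|bool $digest     md5 of the source the edit started from; FALSE to compute it now
 * @param bool        $b_template whether edit_form() should offer the template selector
 * @return string HTML of the form
 */
function plugin_guiedit_edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $vars;
    global $load_template_func, $whatsnew;
    global $_button;
    global $notimeupdate;
    global $js_tags, $link_tags, $js_blocks;
    global $guiedit_use_fck;

    $script = get_script_uri();

    // Newly generate $digest or not: the digest identifies the source
    // revision the edit started from.
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }

    $s_id = isset($vars['id']) ? Utility::htmlsc($vars['id']) : '';

    // Plain-textarea mode: delegate to the core form and retarget it.
    if (!$guiedit_use_fck) {
        $body = edit_form($page, $postdata, $digest, $b_template);
        $pattern = "/(<input\\s+type=\"hidden\"\\s+name=\"cmd\"\\s+value=\")edit(\"\\s*\\/?>)/";
        $replace = "\$1guiedit\$2\n" . '  <input type="hidden" name="id"     value="' . $s_id . '" />' . '  <input type="hidden" name="text"     value="1" />';
        return preg_replace($pattern, $replace, $body);
    }

    //	require_once(GUIEDIT_CONF_PATH . 'guiedit.ini.php');

    // Form values. 'original' is only present on a re-post, so fall back to
    // an empty string instead of reading an undefined index.
    // NOTE(review): edit_form() falls back to the escaped postdata here — confirm
    // which the guiedit action expects.
    $s_digest   = Utility::htmlsc($digest);
    $s_page     = Utility::htmlsc($page);
    $s_original = isset($vars['original']) ? Utility::htmlsc($vars['original']) : '';
    $s_ticket   = md5(MUTIME);

    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        // Session-side copies of the digest/original hashes, keyed by ticket,
        // presumably checked by the guiedit action against the posted values.
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }

    // Template page selector
    $template = '';
    if ($load_template_func) {
        global $guiedit_non_list;
        $pages = array();
        foreach (get_existpages() as $_page) {
            if ($_page == $whatsnew || check_non_list($_page)) {
                continue;
            }
            // Skip pages under any prefix in $guiedit_non_list; the trailing
            // '/' makes it a whole-component prefix match.
            foreach ((array) $guiedit_non_list as $key) {
                if (strpos($_page . '/', $key . '/') === 0) {
                    continue 2;
                }
            }
            $_s_page = Utility::htmlsc($_page);
            $pages[$_page] = "\t\t" . '<option value="' . $_s_page . '">' . $_s_page . '</option>';
        }
        ksort($pages);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
<select name="template_page">
\t<option value="">-- {$_button['template']} --</option>
{$s_pages}
</select>
<br />
EOD;
    }

    // "Do not change timestamp" checkbox
    $add_notimestamp = '';
    if ($notimeupdate != 0) {
        $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';
        // Password field only for content admins when $notimeupdate == 2
        $pass_field = '';
        if ($notimeupdate == 2 && Auth::check_role('role_contents_admin')) {
            $pass_field = '   ' . '<input type="password" name="pass" size="12" />' . "\n";
        }
        $add_notimestamp = '<input type="checkbox" name="notimestamp" '
            . 'id="_edit_form_notimestamp" value="true"' . $checked_time . ' />' . "\n"
            . '   ' . '<label for="_edit_form_notimestamp"><span class="small">'
            . $_button['notchangetimestamp'] . '</span></label>' . "\n"
            . $pass_field . '&nbsp;';
    }

    // Form
    $body = <<<EOD
<div id="guiedit">
\t<form id="guiedit_form" action="{$script}" method="post" style="margin-bottom:0px;">
\t{$template}
\t\t<input type="hidden" name="cmd"    value="guiedit" />
\t\t<input type="hidden" name="page"   value="{$s_page}" />
\t\t<input type="hidden" name="digest" value="{$s_digest}" />
\t\t<input type="hidden" name="ticket" value="{$s_ticket}" />
\t\t<input type="hidden" name="id"     value="{$s_id}" />
\t\t<textarea name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
\t\t<textarea name="msg" id="editor"></textarea>
\t\t<div class="pull-left">
\t\t<button type="submit" name="write"   accesskey="s" class="btn btn-primary">{$_button['update']}</button>
\t\t<button type="button" name="preview" accesskey="p" class="btn btn-secondary">{$_button['preview']}</button>
\t\t{$add_notimestamp}
\t\t</div>
\t</form>
\t<form action="{$script}" method="post">
\t\t<input type="hidden" name="cmd"    value="guiedit" />
\t\t<input type="hidden" name="page"   value="{$s_page}" />
\t\t<input type="submit" name="cancel" value="{$_button['cancel']}" class="btn btn-warning" accesskey="c" />
\t</form>
</div>
EOD;

    // Editor scripts, loaded deferred
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/ckeditor/ckeditor.js', 'defer' => 'defer');
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/ckeditor/adapters/jquery.js', 'defer' => 'defer');
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/plugin/guiedit/guiedit.js', 'defer' => 'defer');

    return $body;
}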
Пример #2
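/**
 * Action entry point of the tracker plugin: create a new page from the
 * tracker template, filling in the submitted field values, then redirect
 * to the new page.
 *
 * Reads the submitted form from $post (and $_FILES). Returns an
 * array('msg' => ..., 'body' => ...) on refusal; on success it sends a
 * Location header and exits.
 *
 * @return array
 */
function plugin_tracker_action()
{
    global $post, $vars, $now;

    //	if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $base        = isset($post['_base'])        ? $post['_base']        : '';
    $refer       = isset($post['_refer'])       ? $post['_refer']       : '';
    $config      = isset($post['_config'])      ? $post['_config']      : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';
    $name        = isset($post['_name'])        ? $post['_name']        : '';

    // $page name to add will be decided here
    $num = 0;
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Never overwrite an existing page: append an increasing number instead
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // Session ticket path. The comparison was disabled in the original and
        // stays disabled; the expected value is computed so enabling it is a
        // one-line change. The debug error_log() calls that wrote the ticket and
        // the session value to the log are removed.
        // NOTE(review): the original hashed an undefined $config_name here; $config
        // is assumed — confirm against the form code that sets $_SESSION['tracker'].
        $s_tracker = md5(get_ticket() . $config);
        // if (!isset($_SESSION['tracker']) || $_SESSION['tracker'] != $s_tracker) {
        //     $spam = TRUE;
        // }
    } else {
        // No session available: fall back to the encoding hint and body filter
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // TODO: Why here
    // Default values; template fields are looked up in this array by name
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;
    // $_post['_refer'] = $_post['refer'];

    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    pkwk_touch_file(get_filename($page));

    // '=& new' is PHP 4 reference syntax and a parse error since PHP 7
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }

    // Load $template
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found');
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // "[field]" placeholders and their formatted replacement values
    $from = $to = array();
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[]   = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
        unset($fields[$field]);
    }

    // Replace every [$field] (found inside $template) with its real value.
    // Lines starting with '|' or ':' (tables / definitions) and ',' (csv tables)
    // need the values escaped for that TextFormattingRule first.
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == '') {
            continue;
        }
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    foreach ($escape as $hint => $lines) {
        $to_e = plugin_tracker_escape($to, $hint);
        foreach (str_replace($from, $to_e, $lines) as $linenum => $line) {
            $template[$linenum] = $line;
        }
    }
    unset($from, $to);

    // Write $template, without touch
    page_write($page, join('', $template));

    // Create proxy page. Its name is taken from a submitted field, so it gets
    // the same page-name validation $page got above before anything is written.
    if ($createProxy) {
        $proxyPage = isset($_post[$createProxy]) ? $_post[$createProxy] : '';
        if ($proxyPage !== '' && is_pagename($proxyPage)) {
            page_write($proxyPage, '#include(' . $page . ',notitle)');
        }
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}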
Пример #3
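/**
 * Block-plugin body of commentx: render one comment form for the current page.
 *
 * Options are passed as the plugin's arguments: noname, nodate, above/below,
 * textarea/textfield.
 *
 * @return string HTML of the form; the login guide (or '') when editing is read-only
 */
function plugin_commentx_convert()
{
    global $vars, $digest;
    //, $_btn_comment, $_btn_name, $_msg_comment;
    static $numbers = array();   // per-page count of forms rendered so far
    static $all_numbers = 0;     // page-wide count, used for unique element ids

    $_btn_name    = _("Name: ");
    $_btn_comment = _("Post Comment");
    $_msg_comment = _("Comment: ");

    $auth_guide = '';
    if (PKWK_READONLY == ROLE_AUTH) {
        // Plus!
        if (exist_plugin('login')) {
            $auth_guide = do_plugin_inline('login');
        }
    }
    if (is_callable(array('auth', 'check_role'))) {
        // Plus!
        if (auth::check_role('readonly')) {
            return $auth_guide;
        }
    } elseif (PKWK_READONLY) {
        return '';
    }

    $current_page = isset($vars['page']) ? $vars['page'] : '';
    if (!isset($numbers[$current_page])) {
        $numbers[$current_page] = 0;
    }
    $comment_no     = $numbers[$current_page]++;
    $comment_all_no = $all_numbers++;

    // Strict in_array: plugin arguments are strings, and loose comparison
    // would match unrelated values.
    $options  = func_num_args() ? func_get_args() : array();
    $noname   = in_array('noname', $options, TRUE);
    $nodate   = in_array('nodate', $options, TRUE) ? '1' : '0';
    $above    = in_array('above', $options, TRUE) ? '1'
              : (in_array('below', $options, TRUE) ? '0' : PLUGIN_COMMENTX_DIRECTION_DEFAULT);
    $textarea = in_array('textarea', $options, TRUE) ? TRUE
              : (in_array('textfield', $options, TRUE) ? FALSE : PLUGIN_COMMENTX_TEXTAREA);

    // NOTE(review): $user is inserted into an attribute as returned by
    // plugin_commentx_get_nick(); confirm it is escaped there.
    list($user, $link, $disabled) = plugin_commentx_get_nick();

    if ($noname) {
        $nametags = '<label for="_p_comment_comment_' . $comment_all_no . '">' . $_msg_comment . '</label>';
    } else {
        $name_size = $textarea ? PLUGIN_COMMENTX_SIZE_TEXTAREA_NAME : PLUGIN_COMMENTX_SIZE_NAME;
        $nametags = '<label for="_p_comment_name_' . $comment_all_no . '">' . $_btn_name . '</label>'
            . '<input type="text" name="name" id="_p_comment_name_' . $comment_all_no . '"'
            . ' size="' . $name_size . '" value="' . $user . '"' . $disabled . ' />'
            . ($textarea ? '<br />' : '') . "\n";
    }

    // The id must equal the <label for="..."> above; the original wrapped the
    // number in literal braces, which broke that association.
    $comment_id = '_p_comment_comment_' . $comment_all_no;
    if ($textarea) {
        $comment_box = '<textarea name="msg" id="' . $comment_id . '" rows="' . PLUGIN_COMMENTX_SIZE_TEXTAREA_ROWS . '" style="width:' . PLUGIN_COMMENTX_SIZE_TEXTAREA_COLS . ';"></textarea>';
    } else {
        $comment_box = '<input type="text"   name="msg" id="' . $comment_id . '" style="width:' . PLUGIN_COMMENTX_SIZE_MSG . ';" />';
    }

    $helptags = '';
    if (function_exists('edit_form_assistant')) {
        // Plus!
        $helptags = edit_form_assistant();
    }

    $refpage  = '';
    $script   = get_script_uri();
    $s_page   = htmlspecialchars($current_page);
    $r_page   = htmlspecialchars(rawurlencode($current_page));
    $s_digest = htmlspecialchars($digest);
    $ticket   = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // Session-side copy of the (ticket, digest) pair for the action to check
        $_SESSION[$ticket] = md5(get_ticket() . $digest);
    }

    $string = <<<EOD
<br />
{$auth_guide}
<form action="{$script}?{$r_page}" method="post">
 <div class="commentform" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
  <input type="hidden" name="refpage" value="{$refpage}" />
  <input type="hidden" name="plugin" value="commentx" />
  <input type="hidden" name="refer"  value="{$s_page}" />
  <input type="hidden" name="comment_no" value="{$comment_no}" />
  <input type="hidden" name="nodate" value="{$nodate}" />
  <input type="hidden" name="above"  value="{$above}" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <input type="hidden" name="ticket" value="{$ticket}" />
  {$nametags}
  {$comment_box}
  <input type="submit" name="comment" value="{$_btn_comment}" />
  {$helptags}
 </div>
</form>
EOD;
    return $string;
}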
Пример #4
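/**
 * Action entry point of the approve plugin: replace a configured pattern in
 * $post['_page'] according to the config named by $post['name'], then
 * redirect to the page.
 *
 * Returns array('msg' => ..., 'body' => ...) on refusal; on success it
 * sends a Location header and exits.
 *
 * @return array
 */
function plugin_approve_action()
{
    global $vars, $post;

    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // Session ticket path. As in the original the comparison is not made;
        // the expected value is kept so it can be enabled later. The debug
        // error_log() calls that wrote the ticket, the session value and the
        // submitted fields to the log are removed.
        $s_tracker = md5(get_ticket() . 'Approve');
        // if (!isset($_SESSION['tracker']) || $_SESSION['tracker'] != $s_tracker) {
        //     $spam = TRUE;
        // }
    } else {
        // No session available: fall back to the encoding hint and body filter
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    $name = isset($post['name']) ? $post['name'] : '';
    $page = isset($post['_page']) ? $post['_page'] : '';
    if ($name == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty name.</p>');
    }
    if ($page == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page.</p>');
    }

    // $name selects a config file under PLUGIN_APPROVE_CONFIG_ROOT and comes
    // straight from the request, so it must be a single path component.
    if ($name !== basename($name) || $name === '.' || $name === '..') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): invalid name.</p>');
    }
    $config_path = PLUGIN_APPROVE_CONFIG_ROOT . $name;
    $config = new YamlConfig($config_path);
    if (!$config->read()) {
        // $config_path contains request data: escape it before echoing
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load config. "' . htmlspecialchars($config_path) . '"</p>');
    }

    $pattern    = $config[PLUGIN_APPROVE_KEY_PATTERN];
    $replace    = $config[PLUGIN_APPROVE_KEY_REPLACE];
    $page_regex = $config[PLUGIN_APPROVE_KEY_PAGE_REGEX];
    if ($pattern == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty pattern.</p>');
    }
    if ($page_regex == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page_regex.</p>');
    }
    // Only pages allowed by the config's regex may be rewritten
    if (!preg_match($page_regex, $page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): page not match.</p>');
    }

    // NOTE(review): the freeze check is on the referring page ($vars['page']),
    // not on $page being written, as in the original — confirm that is intended.
    $refer = isset($vars['page']) ? $vars['page'] : '';
    if (PKWK_READONLY > 0 || is_freeze($refer) || !plugin_approve_is_edit_authed($page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): prohibit editing. "' . htmlspecialchars($page) . '"</p>');
    }

    $source = get_source($page, TRUE, TRUE);
    if ($source === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load page. "' . htmlspecialchars($page) . '"</p>');
    }
    if (strpos($source, $pattern) === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): pattern not match.</p>');
    }

    $source = str_replace($pattern, $replace, $source);
    //return array('msg'=>'Approve', 'body'=>$source);
    page_write($page, $source);

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}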
Пример #5
/**
 * Build the standard page edit form.
 *
 * @param string      $page       page being edited
 * @param string      $postdata   text shown in the textarea
 * @param string|bool $digest     md5 of the source the edit started from; FALSE to compute it now
 * @param bool        $b_template whether to offer the "load template page" selector
 * @return string HTML of the form
 */
function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $script, $vars, $rows, $cols, $hr, $function_freeze;
    global $load_template_func, $load_refer_related;
    global $notimeupdate;
    global $_button, $_string;
    global $ajax, $ctrl_unload;
    // Newly generate $digest or not
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }
    $refer = $template = $addtag = $add_top = $add_ajax = '';
    $checked_top = isset($vars['add_top']) ? ' checked="checked"' : '';
    $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';
    // "add" mode: append to the page instead of replacing it, optionally at the top
    if (isset($vars['add'])) {
        $addtag = '<input type="hidden" name="add" value="true" />';
        $add_top = '<input type="checkbox" name="add_top" value="true"' . $checked_top . ' /><span class="small">' . $_button['addtop'] . '</span>';
    }
    // Template page selector (pages the user cannot edit, or hidden ones, are excluded)
    if ($load_template_func && $b_template) {
        $pages = array();
        foreach (auth::get_existpages() as $_page) {
            if (is_cantedit($_page) || check_non_list($_page)) {
                continue;
            }
            $s_page = htmlspecialchars($_page);
            $pages[$_page] = '   <option value="' . $s_page . '">' . $s_page . '</option>';
        }
        ksort($pages, SORT_STRING);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
  <select name="template_page">
   <option value="">-- {$_button['template']} --</option>
{$s_pages}
  </select>
  <input type="submit" name="template" value="{$_button['load']}" accesskey="r" />
  <br />
EOD;
        // Pre-fill a link back to the referring page when configured
        if ($load_refer_related) {
            if (isset($vars['refer']) && $vars['refer'] != '') {
                $refer = '[[' . strip_bracket($vars['refer']) . ']]' . "\n\n";
            }
        }
    }
    $r_page = rawurlencode($page);
    $s_page = htmlspecialchars($page);
    $s_digest = htmlspecialchars($digest);
    $s_postdata = htmlspecialchars($refer . $postdata);
    // 'original' is posted back on preview; on first display it is the text shown
    $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : $s_postdata;
    $s_id = isset($vars['id']) ? htmlspecialchars($vars['id']) : '';
    $b_preview = isset($vars['preview']);
    // TRUE when preview
    $btn_preview = $b_preview ? $_button['repreview'] : $_button['preview'];
    $s_ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        // Session-side hashes of the digest and of the original text, keyed by
        // ticket, presumably checked by the edit action against the posted values.
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }
    // Preview button: in-page (ajax) preview on desktop, plain submit otherwise
    if ($ajax && !is_mobile()) {
        $add_ajax = '<input type="button" name="add_ajax" value="' . $btn_preview . '" accesskey="p" onclick="pukiwiki_apx(this.form.page.value)" />';
    } else {
        $add_ajax = '<input type="submit" name="preview" value="' . $btn_preview . '" accesskey="p" />';
    }
    $add_notimestamp = '';
    if ($notimeupdate != 0 && is_page($page)) {
        // enable 'do not change timestamp'
        $add_notimestamp = <<<EOD
  <input type="checkbox" name="notimestamp" id="_edit_form_notimestamp" value="true"{$checked_time} />
  <label for="_edit_form_notimestamp"><span class="small">{$_button['notchangetimestamp']}</span></label>
EOD;
        if ($notimeupdate == 2 && auth::check_role('role_adm_contents')) {
            // enable only administrator
            $add_notimestamp .= <<<EOD
  <input type="password" name="pass" size="12" />
EOD;
        }
        $add_notimestamp .= '&nbsp;';
    }
    $refpage = isset($vars['refpage']) ? htmlspecialchars($vars['refpage']) : '';
    $add_assistant = edit_form_assistant();
    // All request-derived values interpolated below are htmlspecialchars()-escaped above
    $body = <<<EOD
<div id="realview_outer"><div id="realview"></div><br /></div>
<form action="{$script}" method="post" id="form">
 <div class="edit_form" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
{$template}
  {$addtag}
  <input type="hidden" name="cmd"    value="edit" />
  <input type="hidden" name="page"   value="{$s_page}" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <input type="hidden" name="ticket" value="{$s_ticket}" />
  <input type="hidden" name="id"     value="{$s_id}" />
  <textarea id="msg" name="msg" rows="{$rows}" cols="{$cols}" onselect="pukiwiki_apv(this.form.page.value,this)" onfocus="pukiwiki_apv(this.form.page.value,this)" onkeyup="pukiwiki_apv(this.form.page.value,this)" onmouseup="pukiwiki_apv(this.form.page.value,this)">{$s_postdata}</textarea>
  <br />
  {$add_assistant}
  <br />
  <input type="submit" name="write"   value="{$_button['update']}" accesskey="s" />
  {$add_top}
  {$add_ajax}
  {$add_notimestamp}
  <input type="submit" id="cancel" name="cancel"  value="{$_button['cancel']}" accesskey="c" />
  <textarea id="original" name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
 </div>
</form>
EOD;
    // Scripts for the in-page preview
    if ($ajax) {
        global $head_tags;
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/msxml.js"></script>';
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/realedit.js"></script>';
    }
    // Script guarding against leaving the page with unsaved edits
    if ($ctrl_unload) {
        global $head_tags;
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/ctrl_unload.js"></script>';
    }
    return $body;
}
Пример #6
            foreach ($vars as $key => $value) {
                $_vars[$key] =& $vars[$key];
            }
            foreach ($_ignore as $key) {
                unset($_vars[$key]);
            }
        } else {
            $_vars =& $vars;
        }
        pkwk_spamfilter($method . ' to #' . $_plugin, $_page, $_vars, $_method, $exitmode);
    }
}
// If page output, enable session.
// NOTE: if action plugin(command) use session, call pkwk_session_start()
//       in plugin action-API function.
pkwk_session_start();
// auth remoteip: when enabled in $auth_api, run the inline plugin now so the
// remote-address based authentication (presumably) is in place before plugins run
if (isset($auth_api['remoteip']['use']) && $auth_api['remoteip']['use']) {
    if (exist_plugin_inline('remoteip')) {
        do_plugin_inline('remoteip');
    }
}
// Protected mode restricts which plugin actions may run below
$is_protect = auth::is_protect();
// Plugin execution
if ($plugin != '') {
    if ($is_protect) {
        $plugin_arg = '';
        if (auth::is_protect_plugin_action($plugin)) {
            if (exist_plugin_action($plugin)) {
                do_plugin_action($plugin);
            }
Пример #7
/**
 * Action entry point of the typekey plugin: run the TypeKey authentication
 * for the current request and redirect back to the page.
 *
 * Returns '' (no-op) when sessions are unavailable or no site token is
 * configured; otherwise it sends a Location header and terminates.
 *
 * @return string
 */
function plugin_typekey_action()
{
    global $vars, $auth_api;

    // A usable session and a configured site token are prerequisites
    if (!function_exists('pkwk_session_start') || pkwk_session_start() == 0) {
        return '';
    }
    if (empty($auth_api['typekey']['site_token'])) {
        return '';
    }

    $typekey = new auth_typekey();
    $typekey->set_regkeys();
    $typekey->set_need_email($auth_api['typekey']['need_email']);
    $typekey->set_sigKey($vars);

    $page = empty($vars['page']) ? '' : $vars['page'];

    if ($typekey->auth()) {
        // Authentication succeeded: remember it in the session
        $typekey->auth_session_put();
    } elseif (isset($vars['logout'])) {
        $typekey->auth_session_unset();
    }

    // In every case, bounce back to the page the request came from
    header('Location: ' . get_page_location_uri($page));
    die;
}
Пример #8
 /**
  * Resolve the current user through the enabled external auth APIs.
  *
  * @return array list($role, $name, $nick, $profile); ROLE_GUEST with empty
  *               strings when no API reports a user
  */
 function get_user_name()
 {
     global $auth_api;

     // Start the session only if at least one API is enabled, and only once
     foreach ($auth_api as $api => $val) {
         if ($val['use']) {
             if (function_exists('pkwk_session_start')) {
                 pkwk_session_start();
             }
             break;
         }
     }

     // Ask each enabled API plugin in turn; the first that knows a name wins
     foreach ($auth_api as $api => $val) {
         if (!$val['use'] || !exist_plugin($api)) {
             continue;
         }
         $func = 'plugin_' . $api . '_get_user_name';
         list($role, $name, $nick, $profile) = $func();
         if (!empty($name)) {
             return array($role, $name, $nick, $profile);
         }
     }

     return array(ROLE_GUEST, '', '', '');
 }
Пример #9
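 /**
  * Resolve the logged-in user's info from the auth API recorded in the session.
  *
  * @return array with keys role, nick, key, group, displayname, home, mypage, api;
  *               a guest record when no enabled API reports a user
  */
 function get_auth_api_info()
 {
     global $auth_api, $auth_wkgrp_user, $defaultpage;

     // Start the session only if at least one API is enabled, and only once
     foreach ($auth_api as $api => $val) {
         if (!empty($val['use'])) {
             if (function_exists('pkwk_session_start')) {
                 pkwk_session_start();
             }
             break;
         }
     }

     $guest = array('role' => ROLE_GUEST, 'nick' => '', 'key' => '', 'group' => '', 'displayname' => '', 'home' => '', 'mypage' => '', 'api' => '');

     require_once LIB_DIR . 'auth_api.cls.php';
     $obj = new auth_api();
     $msg = $obj->auth_session_get();

     // The API named in the session must still be enabled and installed
     if (!isset($msg['api']) || empty($auth_api[$msg['api']]['use']) || !exist_plugin($msg['api'])) {
         return $guest;
     }

     $call_func = 'plugin_' . $msg['api'] . '_get_user_name';
     $auth_key = $call_func();
     $auth_key['api'] = $msg['api'];
     if (empty($auth_key['nick'])) {
         return $guest;
     }

     // Per-user overrides from $auth_wkgrp_user, keyed by api then key
     if (!empty($auth_wkgrp_user[$auth_key['api']][$auth_key['key']])) {
         $val = $auth_wkgrp_user[$auth_key['api']][$auth_key['key']];
         $auth_key['role']  = empty($val['role']) ? ROLE_ENROLLEE : $val['role'];
         $auth_key['group'] = empty($val['group']) ? '' : $val['group'];
         // The original fell back to an undefined $user (null) here.
         // NOTE(review): the nick is assumed to be the intended default — confirm.
         $auth_key['displayname'] = empty($val['displayname']) ? $auth_key['nick'] : $val['displayname'];
         $auth_key['home']   = empty($val['home']) ? $defaultpage : $val['home'];
         $auth_key['mypage'] = empty($val['mypage']) ? '' : $val['mypage'];
     }
     return $auth_key;
 }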
Пример #10
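/**
 * Build the GUI (FCKeditor) edit form for $page.
 *
 * When $guiedit_use_fck is off, the core edit_form() is reused and only its
 * hidden "cmd" field is rewritten so the post comes back to this plugin.
 *
 * @param string      $page       page being edited
 * @param string      $postdata   text to edit (passed through to edit_form() in plain mode)
 * @param string|bool $digest     md5 of the source the edit started from; FALSE to compute it now
 * @param bool        $b_template whether edit_form() should offer the template selector
 * @return string HTML of the form
 */
function plugin_guiedit_edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $vars;
    global $load_template_func, $whatsnew;
    global $_button;
    global $notimeupdate;
    global $head_tags, $javascript;
    global $guiedit_use_fck;
    // $script is interpolated into the form action below; the original never
    // brought it into scope, so the action attribute came out empty.
    global $script;

    // Newly generate $digest or not
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }

    $s_id = isset($vars['id']) ? htmlspecialchars($vars['id']) : '';

    // Plain-textarea mode: delegate to the core form and retarget it
    if (!$guiedit_use_fck) {
        $body = edit_form($page, $postdata, $digest, $b_template);
        $pattern = "/(<input\\s+type=\"hidden\"\\s+name=\"cmd\"\\s+value=\")edit(\"\\s*\\/?>)/";
        $replace = "\$1guiedit\$2\n" . '  <input type="hidden" name="id"     value="' . $s_id . '" />' . '  <input type="hidden" name="text"     value="1" />';
        return preg_replace($pattern, $replace, $body);
    }

    require_once GUIEDIT_LIB_PATH . 'guiedit.ini.php';

    // Form values. 'original' is only present on a re-post, so fall back to
    // an empty string instead of reading an undefined index.
    $s_digest   = htmlspecialchars($digest);
    $s_page     = htmlspecialchars($page);
    $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : '';
    $s_ticket   = md5(MUTIME);

    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        // Session-side copies of the digest/original hashes, keyed by ticket
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }

    // Template page selector
    $template = '';
    if ($load_template_func) {
        global $guiedit_non_list;
        $pages = array();
        foreach (get_existpages() as $_page) {
            if ($_page == $whatsnew || check_non_list($_page)) {
                continue;
            }
            // Skip pages under any prefix in $guiedit_non_list; the trailing
            // '/' makes it a whole-component prefix match.
            foreach ((array) $guiedit_non_list as $key) {
                if (strpos($_page . '/', $key . '/') === 0) {
                    continue 2;
                }
            }
            $_s_page = htmlspecialchars($_page);
            $pages[$_page] = '   <option value="' . $_s_page . '">' . $_s_page . '</option>';
        }
        ksort($pages);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
  <select name="template_page" onchange="Template()">
   <option value="">-- {$_button['template']} --</option>
{$s_pages}
  </select>
  <br />
EOD;
    }

    // "Do not change timestamp" checkbox
    $add_notimestamp = '';
    if ($notimeupdate != 0) {
        $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';
        // Password field only for content admins when $notimeupdate == 2
        $pass_field = '';
        if ($notimeupdate == 2 && auth::check_role('role_adm_contents')) {
            $pass_field = '   ' . '<input type="password" name="pass" size="12" />' . "\n";
        }
        $add_notimestamp = '<input type="checkbox" name="notimestamp" '
            . 'id="_edit_form_notimestamp" value="true"' . $checked_time . ' />' . "\n"
            . '   ' . '<label for="_edit_form_notimestamp"><span class="small">'
            . $_button['notchangetimestamp'] . '</span></label>' . "\n"
            . $pass_field . '&nbsp;';
    }

    // Form
    $body = <<<EOD

<div class="edit_form">
 <form id="edit_form" action="{$script}" method="post" style="margin-bottom:0px;">
{$template}
  <input type="hidden" name="cmd"    value="guiedit" />
  <input type="hidden" name="page"   value="{$s_page}" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <input type="hidden" name="ticket" value="{$s_ticket}" />
  <input type="hidden" name="id"     value="{$s_id}" />
  <textarea name="msg" rows="1" cols="1" style="display:none"></textarea>
  <div style="float:left;">
   <input type="submit" name="write"   value="{$_button['update']}" accesskey="s" onclick="Write()" />
   <input type="button" name="preview" value="{$_button['preview']}" accesskey="p" onclick="Preview()" />
   {$add_notimestamp}
  </div>
  <textarea name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
 </form>
 <form action="{$script}" method="post" style="margin-top:0px;">
  <input type="hidden" name="cmd"    value="guiedit" />
  <input type="hidden" name="page"   value="{$s_page}" />
  <input type="submit" name="cancel" value="{$_button['cancel']}" accesskey="c" />
 </form>
</div>
<div id="preview_indicator" style="display:none"></div>
<div id="preview_area" style="display:none"></div>

EOD;

    // Enable JavaScript output
    $javascript = 1;
    $root = get_baseuri('abs');

    // Head tags: editor stylesheet, scripts and the path constants they read
    $head_tags[] = ' <link rel="stylesheet" type="text/css" href="' . GUIEDIT_LIB_PATH . 'guiedit.css" charset="UTF-8" />';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_FCK_PATH . 'fckeditor.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_LIB_PATH . 'ajax.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_LIB_PATH . 'guiedit.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript">';
    $head_tags[] = ' <!-- <![CDATA[';
    $head_tags[] = ' var SMILEY_PATH="' . $root . IMAGE_URI . "face/" . '";';
    $head_tags[] = ' var FCK_PATH="' . $root . GUIEDIT_FCK_PATH . '";';
    $head_tags[] = ' var GUIEDIT_PATH="' . $root . GUIEDIT_LIB_PATH . '";';
    $head_tags[] = ' //]]>-->';
    $head_tags[] = ' </script>';

    return $body;
}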
Пример #11
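/**
 * Action handler for the OpenID login plugin.
 *
 * Dispatches on the request variables in $vars: `logout` clears the OpenID
 * session and redirects back to the page, a request without `action` renders
 * the login form, `action=verify` starts the OpenID round trip and
 * `action=finish_auth` completes it. Any other action redirects to the site.
 *
 * @return string|array '' when OpenID auth is not configured, a msg/body
 *                      array for page output, or no return after a redirect.
 */
function plugin_openid_action()
{
    global $vars, $_openid_msg, $auth_api;
    // PLUS_PROTECT_MODE selects which fatal-error helper the host provides.
    $die_message = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';
    // Only reachable when authentication via the OpenID plugins is enabled.
    if (!isset($auth_api['openid']['use'])) {
        return '';
    }
    if (!$auth_api['openid']['use']) {
        $die_message($_openid_msg['msg_invalid']);
    }
    if (!function_exists('pkwk_session_start')) {
        $die_message($_openid_msg['msg_not_found']);
    }
    if (pkwk_session_start() == 0) {
        $die_message($_openid_msg['msg_not_start']);
    }
    // LOGOUT
    if (isset($vars['logout'])) {
        $obj = new auth_openid_plus();
        $obj->auth_session_unset();
        $page = empty($vars['page']) ? '' : $vars['page'];
        header('Location: ' . get_page_location_uri($page));
        die;
    }
    // LOGIN
    if (!isset($vars['action'])) {
        return array('msg' => $_openid_msg['msg_title'], 'body' => plugin_openid_login_form());
    }
    // AUTH
    // The consumer's file store must exist before the library is loaded.
    if (!file_exists(PLUGIN_OPENID_STORE_PATH) && !mkdir(PLUGIN_OPENID_STORE_PATH)) {
        // Was `$die_mesage` (typo): calling an undefined variable crashed this
        // error path instead of reporting the unusable store path.
        $die_message(sprintf($_openid_msg['err_store_path'], PLUGIN_OPENID_STORE_PATH));
    }
    // Load the OpenID library from LIB_DIR without permanently widening include_path.
    ini_set('include_path', LIB_DIR . 'openid/');
    require_once 'Auth/OpenID/Consumer.php';
    require_once 'Auth/OpenID/FileStore.php';
    require_once 'Auth/OpenID/SReg.php';
    require_once 'Auth/OpenID/PAPE.php';
    ini_restore('include_path');
    // PAPE policies requested from the provider; read by the verify/finish helpers.
    global $pape_policy_uris;
    $pape_policy_uris = array(PAPE_AUTH_MULTI_FACTOR_PHYSICAL, PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT);
    $store = new Auth_OpenID_FileStore(PLUGIN_OPENID_STORE_PATH);
    $consumer = new Auth_OpenID_Consumer($store);
    switch ($vars['action']) {
        case 'verify':
            if (empty($vars['openid_url'])) {
                return array('msg' => $_openid_msg['msg_title'], 'body' => plugin_openid_login_form());
            }
            return plugin_openid_verify($consumer);
        case 'finish_auth':
            return plugin_openid_finish_auth($consumer);
    }
    // Error: unknown action. Stop after the redirect, as the logout branch
    // (and the other auth action handlers in this file) do, so no page body is
    // produced for a response that has already been redirected.
    header('Location: ' . get_location_uri());
    die;
}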
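/**
 * Render the BugTrack submission form.
 *
 * @param string       $base     Page under which the bug page is created; echoed
 *                               back as the hidden `base` field.
 * @param array|string $category Category names offered in a <select>; an empty()
 *                               value yields a free-text input instead.
 * @return string HTML for the form.
 */
function plugin_bugtrack_print_form($base, $category)
{
    global $_plugin_bugtrack, $script;
    // Per-request counter that keeps element ids unique when several forms
    // are rendered on one page.
    static $id = 0;
    ++$id;

    // Priority options; the last entry is preselected.
    $priorities = $_plugin_bugtrack['priority_list'];
    $priority_count = count($priorities);
    $select_priority = "\n";
    for ($i = 0; $i < $priority_count; ++$i) {
        $selected = ($i == $priority_count - 1) ? ' selected="selected"' : '';
        $priority = htmlspecialchars($priorities[$i]);
        $select_priority .= '    <option value="' . $priority . '"' . $selected . '>' . $priority . '</option>' . "\n";
    }

    // State options, none preselected. count() is hoisted out of the loop
    // condition; it was re-evaluated on every iteration.
    $states = $_plugin_bugtrack['state_list'];
    $state_count = count($states);
    $select_state = "\n";
    for ($i = 0; $i < $state_count; ++$i) {
        $state = htmlspecialchars($states[$i]);
        $select_state .= '    <option value="' . $state . '">' . $state . '</option>' . "\n";
    }

    // Category: free text when no list was given, otherwise a <select>.
    if (empty($category)) {
        $encoded_category = '<input name="category" id="_p_bugtrack_category_' . $id . '" type="text" />';
    } else {
        $encoded_category = '<select name="category" id="_p_bugtrack_category_' . $id . '">';
        foreach ($category as $_category) {
            $s_category = htmlspecialchars($_category);
            $encoded_category .= '<option value="' . $s_category . '">' . $s_category . '</option>' . "\n";
        }
        $encoded_category .= '</select>';
    }

    // Anti-CSRF ticket: the value echoed in the form is tied to this session
    // (when sessions are available) so the submit handler can check it.
    $ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $keyword = 'B_' . $ticket;
        $_SESSION[$keyword] = md5(get_ticket() . $ticket);
    }

    // Escape everything that lands in HTML, labels and base page included.
    $s_base = htmlspecialchars($base);
    $s_name = htmlspecialchars($_plugin_bugtrack['name']);
    $s_category = htmlspecialchars($_plugin_bugtrack['category']);
    $s_priority = htmlspecialchars($_plugin_bugtrack['priority']);
    $s_state = htmlspecialchars($_plugin_bugtrack['state']);
    $s_pname = htmlspecialchars($_plugin_bugtrack['pagename']);
    $s_pnamec = htmlspecialchars($_plugin_bugtrack['pagename_comment']);
    $s_version = htmlspecialchars($_plugin_bugtrack['version']);
    $s_versionc = htmlspecialchars($_plugin_bugtrack['version_comment']);
    $s_summary = htmlspecialchars($_plugin_bugtrack['summary']);
    $s_body = htmlspecialchars($_plugin_bugtrack['body']);
    $s_submit = htmlspecialchars($_plugin_bugtrack['submit']);
    $body = <<<EOD
<form action="{$script}" method="post">
 <table border="0">
  <tr>
   <th><label for="_p_bugtrack_name_{$id}">{$s_name}</label></th>
   <td><input  id="_p_bugtrack_name_{$id}" name="name" size="20" type="text" /></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_category_{$id}">{$s_category}</label></th>
   <td>{$encoded_category}</td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_priority_{$id}">{$s_priority}</label></th>
   <td><select id="_p_bugtrack_priority_{$id}" name="priority">{$select_priority}   </select></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_state_{$id}">{$s_state}</label></th>
   <td><select id="_p_bugtrack_state_{$id}" name="state">{$select_state}   </select></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_pagename_{$id}">{$s_pname}</label></th>
   <td><input  id="_p_bugtrack_pagename_{$id}" name="pagename" size="20" type="text" />
    <small>{$s_pnamec}</small></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_version_{$id}">{$s_version}</label></th>
   <td><input  id="_p_bugtrack_version_{$id}" name="version" size="10" type="text" />
    <small>{$s_versionc}</small></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_summary_{$id}">{$s_summary}</label></th>
   <td><input  id="_p_bugtrack_summary_{$id}" name="summary" size="60" type="text" /></td>
  </tr>
  <tr>
   <th><label   for="_p_bugtrack_body_{$id}">{$s_body}</label></th>
   <td><textarea id="_p_bugtrack_body_{$id}" name="body" cols="60" rows="6"></textarea></td>
  </tr>
  <tr>
   <td colspan="2" align="center">
    <input type="submit" value="{$s_submit}" />
    <input type="hidden" name="plugin" value="bugtrack" />
    <input type="hidden" name="ticket" value="{$ticket}" />
    <input type="hidden" name="mode"   value="submit" />
    <input type="hidden" name="base"   value="{$s_base}" />
   </td>
  </tr>
 </table>
</form>
EOD;
    return $body;
}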
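/**
 * Render the inline comment form for the #comment plugin.
 *
 * Plugin arguments are read via func_get_args(); recognised flags are
 * `noname` (omit the name field), `nodate` (no timestamp) and `above`/`below`
 * (where the posted comment is inserted).
 *
 * @return string HTML for the form, or only the login guide when the viewer
 *                is read-only.
 */
function plugin_comment_convert()
{
    global $vars, $digest, $script;
    //, $_btn_comment, $_btn_name, $_msg_comment;
    // Per-page form counters; $all_numbers keeps element ids unique page-wide.
    static $numbers = array();
    static $all_numbers = 0;
    static $comment_cols = PLUGIN_COMMENT_SIZE_MSG;
    $_btn_name = _("Name: ");
    $_btn_comment = _("Post Comment");
    $_msg_comment = _("Comment: ");
    $auth_guide = '';
    if (PKWK_READONLY == ROLE_AUTH) {
        exist_plugin('login');
        $auth_guide = do_plugin_inline('login');
    }
    // if (PKWK_READONLY) return ''; // Show nothing
    // Read-only viewers get the login guide (possibly empty) instead of the form.
    if (auth::check_role('readonly')) {
        return $auth_guide;
    }
    if (!isset($numbers[$vars['page']])) {
        $numbers[$vars['page']] = 0;
    }
    $comment_no = $numbers[$vars['page']]++;
    $comment_all_no = $all_numbers++;
    $options = func_num_args() ? func_get_args() : array();
    list($user, $link, $disabled) = plugin_comment_get_nick();
    // Flags are compared strictly: plugin arguments are plain strings, and a
    // loose in_array() would let a boolean true argument match every flag.
    if (in_array('noname', $options, true)) {
        $nametags = '<label for="_p_comment_comment_' . $comment_all_no . '">' . $_msg_comment . '</label>';
    } else {
        $nametags = '<label for="_p_comment_name_' . $comment_all_no . '">' . $_btn_name . '</label>' . '<input type="text" name="name" id="_p_comment_name_' . $comment_all_no . '" size="' . PLUGIN_COMMENT_SIZE_NAME . '" value="' . htmlspecialchars($user) . '"' . $disabled . ' />' . "\n";
    }
    $helptags = edit_form_assistant();
    $nodate = in_array('nodate', $options, true) ? '1' : '0';
    $above = in_array('above', $options, true) ? '1' : (in_array('below', $options, true) ? '0' : PLUGIN_COMMENT_DIRECTION_DEFAULT);
    $refpage = '';
    $s_page = htmlspecialchars($vars['page']);
    // Anti-CSRF ticket, bound to the page digest in the session when available.
    $ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $keyword = $ticket;
        $_SESSION[$keyword] = md5(get_ticket() . $digest);
    }
    $string = <<<EOD
<br />
{$auth_guide}
<form action="{$script}" method="post">
 <div class="commentform" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
  <input type="hidden" name="refpage" value="{$refpage}" />
  <input type="hidden" name="plugin" value="comment" />
  <input type="hidden" name="refer"  value="{$s_page}" />
  <input type="hidden" name="comment_no" value="{$comment_no}" />
  <input type="hidden" name="nodate" value="{$nodate}" />
  <input type="hidden" name="above"  value="{$above}" />
  <input type="hidden" name="digest" value="{$digest}" />
  <input type="hidden" name="ticket" value="{$ticket}" />
  {$nametags}
  <input type="text"   name="msg" id="_p_comment_comment_{$comment_all_no}" size="{$comment_cols}" />
  <input type="submit" name="comment" value="{$_btn_comment}" />
  {$helptags}
 </div>
</form>
EOD;
    return $string;
}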
/**
 * Action handler for livedoor authentication: login hand-off, logout, and
 * completion of the returned auth request.
 *
 * @return string '' when livedoor auth is disabled or no session is
 *                available; every other path redirects and terminates.
 */
function plugin_livedoor_action()
{
    global $vars, $auth_api, $_livedoor_msg;
    // Guard clauses: feature off, no session helper, or session did not start.
    if (!$auth_api['livedoor']['use']) {
        return '';
    }
    if (!function_exists('pkwk_session_start') || pkwk_session_start() == 0) {
        return '';
    }
    $fail = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';
    // LOGIN: send the browser to livedoor.
    if (isset($vars['login'])) {
        header('Location: ' . plugin_livedoor_jump_url());
        die;
    }
    $auth = new auth_livedoor();
    // LOGOUT: drop the session and go back to the page.
    if (isset($vars['logout'])) {
        $auth->auth_session_unset();
        $return_page = empty($vars['page']) ? '' : decode($vars['page']);
        header('Location: ' . get_page_location_uri($return_page));
        die;
    }
    // AUTH: complete the round trip with the returned parameters.
    $result = $auth->auth($vars);
    $failed = !isset($result['has_error']) || $result['has_error'] == 'true';
    if ($failed) {
        $fail(isset($result['message']) ? $result['message'] : 'unknown error.');
    }
    $auth->auth_session_put();
    header('Location: ' . get_page_location_uri($auth->get_return_page()));
    die;
}
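/**
 * Action handler for JugemKey authentication: login hand-off, logout,
 * token info display, and completion of the returned auth request.
 *
 * @return string|array '' when JugemKey auth is disabled or no session is
 *                      available, a msg/body array for `userinfo`, otherwise
 *                      redirects and terminates.
 */
function plugin_jugemkey_action()
{
    global $vars, $auth_api, $_jugemkey_msg;
    if (!$auth_api['jugemkey']['use']) {
        return '';
    }
    if (!function_exists('pkwk_session_start')) {
        return '';
    }
    if (pkwk_session_start() == 0) {
        return '';
    }
    $page = empty($vars['page']) ? '' : $vars['page'];
    $die_message = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';
    // LOGIN
    if (isset($vars['login'])) {
        header('Location: ' . plugin_jugemkey_jump_url());
        die;
    }
    $obj = new auth_jugemkey();
    // LOGOUT
    if (isset($vars['logout'])) {
        $obj->auth_session_unset();
        header('Location: ' . get_page_location_uri($page));
        die;
    }
    // Get token info
    if (isset($vars['userinfo'])) {
        // NOTE(review): $vars['token'] is passed through unchecked; a missing
        // token reaches get_userinfo() as null — confirm that is handled there.
        $rc = $obj->get_userinfo($vars['token']);
        if ($rc['rc'] != 200) {
            $msg = empty($rc['error']) ? '' : ' (' . $rc['error'] . ')';
            $die_message('JugemKey: RC=' . $rc['rc'] . $msg);
        }
        // $rc['title'] comes back from the JugemKey response, not from local
        // config, so it is escaped before being embedded in the page.
        $s_title = htmlspecialchars($rc['title']);
        $body = '<h3>' . $_jugemkey_msg['msg_userinfo'] . '</h3>' . '<strong>' . $_jugemkey_msg['msg_user_name'] . ': ' . $s_title . '</strong>';
        return array('msg' => 'JugemKey', 'body' => $body);
    }
    // AUTH
    $rc = $obj->auth($vars['frob']);
    if ($rc['rc'] != 200) {
        $msg = empty($rc['error']) ? '' : ' (' . $rc['error'] . ')';
        $die_message('JugemKey: ' . $rc['rc'] . $msg);
    }
    $obj->auth_session_put();
    header('Location: ' . get_page_location_uri($page));
    die;
}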