/**
 * Spam filter: hands the current request to Spam::pkwk_spamfilter() for the given action.
 *
 * Reads the globals $spam (filter configuration), $vars (request variables)
 * and $method. Filtering is skipped when $spam is empty or when the action
 * is 'search'.
 *
 * NOTE(review): $page and $refer are neither parameters nor listed in the
 * `global` statement, so the `=&` bindings in the 'edit', 'read' and default
 * branches create fresh local variables holding NULL. For those actions the
 * filter therefore receives NULL as the page — confirm where the page name
 * was meant to come from.
 *
 * @param string $cmd action name (compared case-insensitively)
 * @return void
 */
public static function spamCheck($cmd)
{
    global $spam, $vars, $method;

    // Adjustment: the filter is on whenever the global $spam configuration is non-empty.
    $_spam = !empty($spam);
    $_cmd = strtolower($cmd);
    // Request keys that must not be handed to the filter for this action.
    $_ignore = array();

    switch ($_cmd) {
        case 'search':
            // Searches are never filtered; $_page stays unassigned but is not used in that case.
            $_spam = FALSE;
            break;
        case 'edit':
            $_page =& $page; // NOTE(review): $page is undefined in this scope, so this binds NULL
            if (isset($vars['add']) && $vars['add']) {
                // A truthy 'add' request variable reclassifies the action, so the
                // 'add' entry of $spam['method'] is the one looked up below.
                $_cmd = 'add';
            } else {
                // Plain edit: the 'original' request key is withheld from the filter.
                $_ignore[] = 'original';
            }
            break;
        case 'bugtrack':
            // Reference binding: if $vars['base'] is absent, PHP creates it as NULL in the global $vars.
            $_page =& $vars['base'];
            break;
        case 'tracker':
            // Same reference-binding side effect as above, on $vars['_base'].
            $_page =& $vars['_base'];
            break;
        case 'read':
            $_page =& $page; // NOTE(review): undefined here as well, binds NULL
            break;
        default:
            $_page =& $refer; // NOTE(review): $refer is undefined in this scope, binds NULL
            break;
    }

    if ($_spam) {
        // Method selection: per-action entry, then '_default', then an empty list.
        if (isset($spam['method'][$_cmd])) {
            $_method = $spam['method'][$_cmd];
        } else {
            if (isset($spam['method']['_default'])) {
                $_method = $spam['method']['_default'];
            } else {
                $_method = array();
            }
        }
        // NULL is passed through when no exit mode is configured.
        $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : null;

        // Hack: leave out the ignored keys without touching the global $vars.
        if ($_ignore) {
            $_vars = array();
            foreach ($vars as $key => $value) {
                // Each entry aliases the matching $vars element instead of copying it.
                $_vars[$key] =& $vars[$key];
            }
            foreach ($_ignore as $key) {
                // unset() drops only the alias in $_vars; the element in $vars remains.
                unset($_vars[$key]);
            }
        } else {
            $_vars = $vars;
        }

        // The first argument is a label built from the global $method and the action
        // (presumably the HTTP request method — confirm where $method is set).
        Spam::pkwk_spamfilter($method . ' to #' . $_cmd, $_page, $_vars, $_method, $exitmode);
    }
}
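/**
 * Store an uploaded file as an attachment of a wiki page.
 *
 * Order of work: build the encoded storage name and reject it when too long,
 * run the spam filter over the text extracted from the upload, store the file
 * (as-is, or compressed as gz / zip / bz2 when the type requires it), refresh
 * the page timestamp, then send the optional notification mail.
 *
 * NOTE(review): $file is used both as an upload array ($file['name'],
 * $file['tmp_name'], $file['size']) and as a string (Utility::encode($file),
 * $file . '.gz', new AttachFile($page, $file)). Only one of the two can be
 * right for a given caller; confirm the intended type. The usages are left
 * exactly as they were.
 *
 * NOTE(review): the spam check and the GZ/BZ2 branches read $file['tmp_name'],
 * while the MIME lookup, the ZIP branch and the plain move use $temp. If a
 * caller passes different paths, the content that was filtered is not the
 * content that gets stored.
 *
 * NOTE(review): the optional $pass precedes the required $temp, which PHP 8
 * reports as deprecated. The order is kept so existing callers keep working.
 *
 * @param array|string $file upload descriptor (see the note on its type above)
 * @param string $page page the file is attached to
 * @param string|bool|null $pass password for the attachment; TRUE or NULL stores none
 * @param string $temp path of the temporary uploaded file
 * @return array|false array('result' => bool, 'msg' => string), or FALSE when
 *                     no text could be extracted for the spam check
 */
function attach_doupload($file, $page, $pass = NULL, $temp)
{
    global $_attach_messages, $_string;
    global $notify, $notify_subject, $notify_exclude, $spam;

    $filename = Utility::encode($page) . '_' . Utility::encode($file);
    $type = Utility::getMimeInfo($temp);
    // Should a file of this (unknown) type be compressed before it is stored?
    $must_compress = PLUGIN_ATTACH_UNKNOWN_COMPRESS !== 0
        ? attach_is_compress($type, PLUGIN_ATTACH_UNKNOWN_COMPRESS)
        : false;

    // Check the length of the encoded name. The lower limit for compressed files
    // presumably leaves room for the archive suffix — confirm against AttachFile.
    $filename_length = strlen($filename);
    if ($filename_length >= 255 || ($must_compress && $filename_length >= 251)) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_filename']);
    }

    // Spam check. The test is `!== 0`, so the filter runs for every value of
    // $spam except the integer 0 (including NULL or an unset configuration).
    if ($spam !== 0) {
        // Filter on the file's content: the upload name plus its extracted text.
        $vars = array();
        $vars['uploadname'] = $file['name'];
        $vars['uploadtext'] = attach_gettext($file['tmp_name']);
        if ($vars['uploadtext'] === '' || $vars['uploadtext'] === FALSE) {
            // Fails closed: an upload whose text cannot be extracted is refused.
            // NOTE(review): this is a bare FALSE, not the array every other exit
            // returns; kept because callers may test for it.
            return FALSE;
        }

        // Method selection: 'attach' entry, then '_default', then an empty list.
        if (isset($spam['method']['attach'])) {
            $_method =& $spam['method']['attach'];
        } else {
            if (isset($spam['method']['_default'])) {
                $_method =& $spam['method']['_default'];
            } else {
                $_method = array();
            }
        }
        $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : '';
        Spam::pkwk_spamfilter('File Attach', $page, $vars, $_method, $exitmode);
    }

    if ($must_compress) {
        // Compress the attachment.
        switch (PLUGIN_ATTACH_COMPRESS_TYPE) {
            case 'GZ':
                if (!extension_loaded('zlib')) {
                    Utility::dieMessage('#attach: zlib extention has not loaded.');
                }
                $obj = new AttachFile($page, $file . '.gz');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }

                $tp = fopen($file['tmp_name'], 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = gzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    gzwrite($zp, fread($tp, 8192));
                }
                gzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            case 'ZIP':
                if (!class_exists('ZipArchive')) {
                    Utility::dieMessage('#attach: ZipArchive class has not defined.');
                }
                $obj = new AttachFile($page, $file . '.zip');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }

                $zip = new ZipArchive();
                // The archive has to be opened before entries can be added; the
                // original called addFile() on an unopened object, which cannot succeed.
                $opened = $zip->open($obj->filename, ZipArchive::CREATE);
                if ($opened !== true) {
                    die_message($_attach_messages['err_upload'] . '(' . $opened . ').');
                }
                $zip->addFile($temp, $file);
                if ($zip->status !== ZipArchive::ER_OK) {
                    die_message($_attach_messages['err_upload'] . '(' . $zip->status . ').');
                }
                // The archive is only written out by close(), so its result decides
                // whether there is a file to chmod.
                if (!$zip->close()) {
                    die_message($_attach_messages['err_write_tgz']);
                }
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            case 'BZ2':
                if (!extension_loaded('bz2')) {
                    Utility::dieMessage('#attach: bz2 extention has not loaded.');
                }
                $obj = new AttachFile($page, $file . '.bz2');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }

                $tp = fopen($file['tmp_name'], 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = bzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    bzwrite($zp, fread($tp, 8192));
                }
                bzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            default:
                //miko
                $obj = new AttachFile($page, $file);
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                // A failed move used to fall through and be reported as a successful upload.
                if (!move_uploaded_file($temp, $obj->filename)) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
                }
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
        }
    } else {
        // Normal (uncompressed) attachment.
        $obj = new AttachFile($page, $file);
        // Test the value, as the compressed branches do: isset() is TRUE even when
        // the property holds FALSE, which would refuse every upload.
        if ($obj->exist) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
        }
        // A failed move used to fall through and be reported as a successful upload.
        if (!move_uploaded_file($temp, $obj->filename)) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
        }
        chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
    }

    // The compressing branches read the temporary file without moving it.
    if (file_exists($temp)) {
        unlink($temp);
    }

    // Update the page's timestamp.
    Factory::Wiki($page)->touch();

    // NOTE(review): unsalted MD5 is not a password hash. password_hash() and
    // password_verify() are the replacement, but the code that verifies this value
    // is outside this block, so the stored format is left unchanged here.
    // Nothing visible here persists $obj->status — confirm where it is written.
    $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';

    if ($notify) {
        $notify_exec = TRUE;
        foreach ($notify_exclude as $exclude) {
            // Quote the pattern delimiter too, so an entry containing '/' cannot
            // break the expression built below.
            $exclude = preg_quote($exclude, '/');
            if (substr($exclude, -1) === '.') {
                $exclude .= '*';
            }
            if (preg_match('/^' . $exclude . '/', get_remoteip())) {
                $notify_exec = FALSE;
                break;
            }
        }
        // NOTE(review): $notify_exec is computed but never read, so the mail below
        // is sent even for excluded addresses — confirm whether that is intended.

        $footer = array();
        $footer['ACTION'] = 'File attached';
        $footer['FILENAME'] = $file['name']; // client-supplied name
        $footer['FILESIZE'] = $file['size'];
        $footer['PAGE'] = $page;
        $footer['URI'] = get_cmd_uri('attach', '', array('refer' => $page, 'pcmd' => 'info', 'file' => $file['name']));
        $footer['USER_AGENT'] = TRUE;
        $footer['REMOTE_ADDR'] = TRUE;
        pkwk_mail_notify($notify_subject, "\n", $footer);
    }

    return array('result' => TRUE, 'msg' => $_attach_messages['msg_uploaded']);
}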