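/**
 * Return the site ticket kept in CACHE_DIR/ticket.dat, generating and storing one when needed.
 *
 * A new ticket is written when the file does not exist, when $newticket is TRUE,
 * or when the stored value is empty (a file that was created but not yet filled).
 *
 * @param bool $newticket TRUE forces a fresh ticket to be generated and stored.
 * @return string The ticket, 32 hexadecimal characters.
 */
function get_ticket($newticket = FALSE)
{
    $file = CACHE_DIR . 'ticket.dat';
    $ticket = '';

    if (file_exists($file) && $newticket !== TRUE) {
        $fp = fopen($file, 'r') or die_message('Cannot open ' . 'CACHE_DIR/' . 'ticket.dat');
        // Shared lock: the writer below truncates the file before it writes, and a
        // reader that arrives in between would otherwise return an empty ticket.
        @flock($fp, LOCK_SH);
        $stored = stream_get_contents($fp);
        @flock($fp, LOCK_UN);
        fclose($fp);
        $ticket = ($stored === FALSE) ? '' : trim($stored);
    }

    if ($ticket === '') {
        if (function_exists('random_bytes')) {
            // 16 bytes from the system CSPRNG, hex-encoded: same length and alphabet as the md5() form.
            $ticket = bin2hex(random_bytes(16));
        } else {
            // Older PHP: historical generator. mt_rand() is not a cryptographic source,
            // so values derived from this ticket should not be treated as unguessable.
            $ticket = md5(mt_rand());
        }

        pkwk_touch_file($file);
        $fp = fopen($file, 'r+') or die_message('Cannot open ' . 'CACHE_DIR/' . 'ticket.dat');
        set_file_buffer($fp, 0);
        @flock($fp, LOCK_EX);
        // Do not let a client disconnect interrupt the truncate-and-write sequence.
        $last = ignore_user_abort(1);
        ftruncate($fp, 0);
        rewind($fp);
        fputs($fp, $ticket . "\n");
        ignore_user_abort($last);
        @flock($fp, LOCK_UN);
        fclose($fp);
    }

    return $ticket;
}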
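/**
 * Handle a submitted tracker form.
 *
 * Picks the name of the page to create, fills the tracker page template with
 * the posted field values, writes the page and redirects to it. The request is
 * read from the global $post and from $_FILES.
 *
 * @return array On failure only: array with 'msg' and 'body'. On success the
 *               function sends a Location header and exits.
 */
function plugin_tracker_action()
{
    global $post, $vars, $now;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $base = isset($post['_base']) ? $post['_base'] : '';
    $refer = isset($post['_refer']) ? $post['_refer'] : '';
    $config = isset($post['_config']) ? $post['_config'] : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';

    // $page name to add will be decided here
    $num = 0;
    $name = isset($post['_name']) ? $post['_name'] : '';
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Never reuse an existing page: count upwards below $base until a free name is found.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // NOTE(review): the ticket comparison is disabled, so a request that has a
        // session passes with no spam check at all (the encode_hint and
        // is_spampost() checks run only in the else branch). Decide whether that
        // is intended before relying on this branch.
        // The original built the expected value from $config_name, which is never
        // defined in this function (presumably $config was meant; confirm against
        // the code that fills $_SESSION['tracker']), and wrote both the expected
        // and the session value to the error log. That debug logging is dropped so
        // ticket-derived values do not end up in log files.
        // $s_tracker = md5(get_ticket() . $config);
        // if ($_SESSION['tracker'] != $s_tracker) {
        //     $spam = TRUE;
        // }
    } else {
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } else {
            if (PKWK_ENCODING_HINT != '') {
                $spam = TRUE;
            }
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // TODO: Why here
    // Default
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;
    // $_post['_refer'] = $_post['refer'];

    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    pkwk_touch_file(get_filename($page));

    $from = $to = array();

    // Plain assignment: "=& new" is a parse error from PHP 7 on.
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }

    // Load $template
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array(
            'msg' => 'Cannot write',
            'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found',
        );
    }

    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // Build the "[field]" => formatted value replacement lists.
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
        unset($fields[$field]);
    }

    // Replace every [$field]s (found inside $template) to real values
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == '') {
            continue;
        }

        // Escape some TextFormattingRules
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        // Escape for some TextFormattingRules
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);

    // Write $template, without touch
    page_write($page, join('', $template));

    // Create proxy page
    if ($createProxy) {
        $proxyPage = isset($_post[$createProxy]) ? $_post[$createProxy] : '';
        // The proxy page name is a request value (and $_post also holds the $_FILES
        // entries, which are arrays), so accept only a string that is a valid page name.
        // NOTE(review): nothing visible here checks that the proxy page is new or
        // editable by the requester; confirm whether page_write() enforces that.
        if ($proxyPage && is_string($proxyPage) && is_pagename($proxyPage)) {
            page_write($proxyPage, '#include(' . $page . ',notitle)');
        }
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}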
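/**
 * Re-apply the page timestamps recorded in CACHE_DIR/remakepage.dat.
 *
 * Each line of the cache file is parsed with csv_explode() as "page,time".
 * Pages that still exist get their file time set back; afterwards the
 * last-modified caches are rebuilt with put_lastmodified().
 *
 * @return string HTML fragment reporting the result, including recorded pages
 *                that no longer exist and pages whose timestamp could not be set.
 */
function restore_time()
{
    $this->cachefile = CACHE_DIR . "remakepage.dat";
    if (($lines = file($this->cachefile)) === FALSE) {
        return "<p><b>timestamp cache file, {$this->cachefile}, does not exist or not readable. </b></p>";
    }

    $oldpages = array();
    $failedpages = array();
    foreach ($lines as $line) {
        $line = rtrim($line);
        if ($line === '') {
            continue; // blank line: nothing recorded
        }
        $cols = csv_explode(',', $line);
        $page = $cols[0];
        $oldpages[] = $page;
        if (!is_page($page)) {
            continue;
        }
        // A line without a time column cannot be restored; report it instead of
        // passing an undefined value on as the timestamp.
        if (!isset($cols[1]) || pkwk_touch_file(get_filename($page), $cols[1]) === false) {
            $failedpages[] = $page;
        }
    }
    put_lastmodified();

    $body = '<p>';
    $body .= '<b>Restored timestamps.</b><br />';
    $nonexists = array_diff($oldpages, get_existpages());
    if (!empty($nonexists)) {
        $body .= "<b>Following pages do not exist in current wiki,</b><br />\n";
        // Page names come from a data file and are echoed into HTML: escape them.
        $body .= implode("<br />\n", array_map('htmlspecialchars', $nonexists)) . "<br />";
    }
    if (!empty($failedpages)) {
        $body .= "<b>Failed to restore timestamp of </b><br />\n";
        $body .= implode("<br />\n", array_map('htmlspecialchars', $failedpages)) . "<br />";
        $body .= "<b>Skipped.</b><br />";
    }
    $body .= '</p>';
    return $body;
}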
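/**
 * Rebuild the recent-changes data from the current page list.
 *
 * Writes CACHE_DIR . PKWK_MAXSHOW_CACHE ("time<TAB>page" lines), rewrites the
 * $whatsnew page as a list of the most recently modified pages, and refreshes
 * the AutoLink and AutoBaseAlias caches when those features are enabled.
 * Does nothing when the current role is 'readonly'.
 *
 * @return void
 */
function put_lastmodified()
{
    global $maxshow, $whatsnew, $autolink, $autobasealias;

    // if (PKWK_READONLY) return; // Do nothing
    if (auth::check_role('readonly')) {
        return; // Do nothing
    }

    // Get WHOLE page list
    $pages = get_existpages();

    // Check ALL filetime
    $recent_pages = array();
    foreach ($pages as $page) {
        if ($page != $whatsnew && !check_non_list($page)) {
            $recent_pages[$page] = get_filetime($page);
        }
    }

    // Sort descending order of last-modification date
    arsort($recent_pages, SORT_NUMERIC);

    // Cut unused lines
    // BugTrack2/179: array_splice() will break integer keys in hashtable
    $count = $maxshow + PKWK_MAXSHOW_ALLOWANCE;
    $_recent = array();
    foreach ($recent_pages as $key => $value) {
        unset($recent_pages[$key]);
        $_recent[$key] = $value;
        if (--$count < 1) {
            break;
        }
    }
    $recent_pages =& $_recent;

    // Re-create PKWK_MAXSHOW_CACHE
    $file = CACHE_DIR . PKWK_MAXSHOW_CACHE;
    pkwk_touch_file($file);
    // The message names the constant, not the resolved path (the original lacked the space after "open").
    $fp = fopen($file, 'r+') or die_message('Cannot open ' . 'CACHE_DIR/' . PKWK_MAXSHOW_CACHE);
    set_file_buffer($fp, 0);
    @flock($fp, LOCK_EX);
    // Keep a client disconnect from interrupting the truncate-and-write sequence.
    $last = ignore_user_abort(1);
    ftruncate($fp, 0);
    rewind($fp);
    foreach ($recent_pages as $page => $time) {
        fputs($fp, $time . "\t" . $page . "\n");
    }
    ignore_user_abort($last);
    @flock($fp, LOCK_UN);
    @fclose($fp);

    // Create RecentChanges
    $file = get_filename($whatsnew);
    pkwk_touch_file($file);
    $fp = fopen($file, 'r+') or die_message('Cannot open ' . htmlspecialchars($whatsnew));
    set_file_buffer($fp, 0);
    @flock($fp, LOCK_EX);
    $last = ignore_user_abort(1);
    ftruncate($fp, 0);
    rewind($fp);
    foreach (array_keys($recent_pages) as $page) {
        $time = $recent_pages[$page];
        // $s_lastmod = htmlspecialchars(format_date($time));
        $s_lastmod = '&epoch(' . $time . ');';
        $s_page = htmlspecialchars($page);
        fputs($fp, '-' . $s_lastmod . ' - [[' . $s_page . ']]' . "\n");
    }
    fputs($fp, '#norelated' . "\n"); // :)
    ignore_user_abort($last);
    @flock($fp, LOCK_UN);
    @fclose($fp);

    // For AutoLink
    if ($autolink) {
        autolink_pattern_write(CACHE_DIR . PKWK_AUTOLINK_REGEX_CACHE, get_autolink_pattern($pages, $autolink));
    }

    // AutoBaseAlias
    if ($autobasealias) {
        autobasealias_write(CACHE_DIR . PKWK_AUTOBASEALIAS_CACHE, $pages);
    }
}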
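/**
 * Dump the PukiWiki output of a page into a html file
 *
 * A page that no longer exists has its dump file removed. The directory of
 * the dump file is created first, either through the helper addressed by
 * $GLOBALS['PLUGIN_STATICHTML_MKDIR_CGI'] or with r_mkdir().
 *
 * @param string  $page        Pagename
 * @param string  $file        Filename to be dumped. Default is computed from $page.
 * @param boolean $overwrite   Force to overwrite. Default overwrites if $page is newer than $file
 * @param boolean $notimestamp Do not change timestamp for dumped file
 * @return mixed
 *   TRUE : Success
 *   FALSE: Failure ($this->error holds the message)
 *   -1   : It is already up2date
 *   -2   : Exit by read-restriction
 *   -3   : Exit because statichtml USER_AGENT called statichtml again (infinite loop)
 */
function dump_page($page, $file = null, $overwrite = FALSE, $notimestamp = FALSE)
{
    // statichtml USER_AGENT should not call statichtml again (avoid infinite loop)
    if (isset($GLOBALS['vars'][$this->plugin])) {
        return -3;
    }

    // Initialization
    if (!isset($file)) {
        $file = $this->get_dump_filename($page);
    }
    if (!is_page($page)) {
        // The page is gone: drop its stale dump, if any.
        if (file_exists($file)) {
            pkwk_chown($file);
            @unlink($file);
        }
        return TRUE;
    }

    // Up2date?
    if (!$overwrite && !is_page_newer($page, $file)) {
        return -1;
    }

    // Try to create dir
    $dir = dirname($file);
    if (isset($GLOBALS['PLUGIN_STATICHTML_MKDIR_CGI'])) {
        // $dir derives from the dump file name, so encode it: a raw '&', '#' or
        // space would otherwise change or truncate the helper's query string.
        // NOTE(review): "mode=0777" presumably asks the helper for a directory
        // writable by every local account; confirm a tighter mode is not enough.
        $error = file_get_contents(
            $GLOBALS['PLUGIN_STATICHTML_MKDIR_CGI'] . '&mode=0777&dir=' . rawurlencode($dir)
        );
        if ($error != '1') {
            $this->error = 'Failed to create ' . $dir . ' directory.';
            return FALSE;
        }
    } else {
        if (r_mkdir($dir) === FALSE) {
            $this->error = 'Failed to create ' . $dir . ' directory.';
            return FALSE;
        }
    }

    // Get contents
    if (is_read_auth($page) && !$this->CONF['readauth']) {
        return -2; // Do not read read-restriction pages
    }
    if (($contents = $this->http_pkwk_output($page)) === FALSE) {
        return -2; // HTTP GET failure (mostly because of read-restriction)
    }

    // Write
    // Remember the old mtime only when it has to be put back after the write.
    $filemtime = file_exists($file) && $notimestamp ? filemtime($file) : FALSE;
    if (!file_put_contents($file, $contents)) {
        $this->error = 'Failed to create ' . $file;
        return FALSE;
    }
    if ($notimestamp) {
        pkwk_touch_file($file, $filemtime, $filemtime);
    }
    return TRUE;
}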
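/**
 * Insert a posted comment into the comment page.
 *
 * Reads the request from the global $vars ('refer', 'page', 'msg', 'name',
 * 'nodate', 'reply', 'digest', 'dir', 'count'). When the comment page does not
 * exist yet it is created with a link back to $refer; otherwise the comment is
 * inserted at the top or bottom of the comment list, or below the comment it
 * replies to.
 *
 * @return array 'msg' and 'collided' always; 'body' as well when the page name
 *               is invalid or the page changed since the form was rendered.
 */
function plugin_pcomment_insert()
{
    global $vars, $now, $_title_updated, $_no_name, $_pcmt_messages;

    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    $page = isset($vars['page']) ? $vars['page'] : '';
    $page = get_fullname($page, $refer);

    if (!is_pagename($page)) {
        return array('msg' => 'Invalid page name', 'body' => 'Cannot add comment', 'collided' => TRUE);
    }

    check_editable($page, true, true);

    $ret = array('msg' => $_title_updated, 'collided' => FALSE);

    // NOTE(review): 'msg' and 'name' are request values that end up in the page
    // source. Only trailing whitespace is trimmed here, so embedded line breaks
    // would reach the page as extra source lines; confirm the caller or
    // page_write() filters them.
    // Guarded like every other request field in this function: a request without 'msg' yields an empty message.
    $posted_msg = isset($vars['msg']) ? $vars['msg'] : '';
    $msg = str_replace('$msg', rtrim($posted_msg), PLUGIN_PCOMMENT_FORMAT_MSG);
    $name = !isset($vars['name']) || $vars['name'] == '' ? $_no_name : $vars['name'];
    $name = $name == '' ? '' : str_replace('$name', $name, PLUGIN_PCOMMENT_FORMAT_NAME);
    $date = !isset($vars['nodate']) || $vars['nodate'] != '1'
        ? str_replace('$now', $now, PLUGIN_PCOMMENT_FORMAT_NOW)
        : '';
    if ($date != '' || $name != '') {
        // NOTE(review): the empty strings around MSG/NAME/DATE look like delimiter
        // characters that were lost; verify the placeholders against
        // PLUGIN_PCOMMENT_FORMAT_STRING.
        $msg = str_replace("" . 'MSG' . "", $msg, PLUGIN_PCOMMENT_FORMAT_STRING);
        $msg = str_replace("" . 'NAME' . "", $name, $msg);
        $msg = str_replace("" . 'DATE' . "", $date, $msg);
    }

    $reply_hash = isset($vars['reply']) ? $vars['reply'] : '';
    if ($reply_hash || !is_page($page)) {
        // The list level is added below, so leading '-' in the message is dropped here.
        $msg = preg_replace('/^\\-+/', '', $msg);
    }
    $msg = rtrim($msg);

    if (!is_page($page)) {
        $postdata = '[[' . htmlsc(strip_bracket($refer)) . ']]' . "\n\n" . '-' . $msg . "\n";
    } else {
        $postdata = get_source($page);
        $count = count($postdata);

        // The digest is compared with the md5 of the current source; a mismatch only
        // changes the returned message, the comment is still inserted below.
        $digest = isset($vars['digest']) ? $vars['digest'] : '';
        if (md5(join('', $postdata)) != $digest) {
            $ret['msg'] = $_pcmt_messages['title_collided'];
            $ret['body'] = $_pcmt_messages['msg_collided'];
        }

        // First line that starts a comment list.
        $start_position = 0;
        while ($start_position < $count) {
            if (preg_match('/^\\-/', $postdata[$start_position])) {
                break;
            }
            ++$start_position;
        }
        $end_position = $start_position;

        $dir = isset($vars['dir']) ? $vars['dir'] : '';

        // Find the comment to reply
        $level = 1;
        $b_reply = FALSE;
        if ($reply_hash != '') {
            while ($end_position < $count) {
                $matches = array();
                if (preg_match('/^(\\-{1,2})(?!\\-)(.*)$/', $postdata[$end_position++], $matches)
                    && md5($matches[2]) == $reply_hash) {
                    $b_reply = TRUE;
                    $level = strlen($matches[1]) + 1;

                    // Skip the replies already attached to that comment.
                    while ($end_position < $count) {
                        if (preg_match('/^(\\-{1,3})(?!\\-)/', $postdata[$end_position], $matches)
                            && strlen($matches[1]) < $level) {
                            break;
                        }
                        ++$end_position;
                    }
                    break;
                }
            }
        }

        if ($b_reply == FALSE) {
            $end_position = $dir == '0' ? $start_position : $count;
        }

        // Insert new comment
        array_splice($postdata, $end_position, 0, str_repeat('-', $level) . $msg . "\n");

        if (PLUGIN_PCOMMENT_AUTO_LOG) {
            $_count = isset($vars['count']) ? $vars['count'] : '';
            plugin_pcomment_auto_log($page, $dir, $_count, $postdata);
        }

        $postdata = join('', $postdata);
    }
    page_write($page, $postdata, PLUGIN_PCOMMENT_TIMESTAMP);

    if (PLUGIN_PCOMMENT_TIMESTAMP) {
        if ($refer != '') {
            pkwk_touch_file(get_filename($refer));
        }
        put_lastmodified();
    }

    return $ret;
}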
/**
 * Give the ':config/' . CONFIG_AUTH_WKGRP page file the modification time of
 * PKWK_AUTH_WKGRP_FILE.
 *
 * @return void
 */
function adm_auth_wkgrp_touch_file2page()
{
    $source_mtime = filemtime(PKWK_AUTH_WKGRP_FILE);
    $page_file = get_filename(':config/' . CONFIG_AUTH_WKGRP);

    pkwk_touch_file($page_file, $source_mtime);
}
/**
 * Mark one stored comment of a page as accepted and take it off the pending list.
 *
 * @param string $page Page the comment belongs to.
 * @param mixed  $id   Key of the comment in the page's comment file.
 * @return bool FALSE when no comment with that id is stored, TRUE otherwise.
 */
function qblog_accept_comment($page, $id)
{
    $comment_file = CACHEQBLOG_DIR . encode($page) . '.qbcm.dat';

    // Set the accepted flag in the comment file.
    // NOTE(review): unserialize() is applied to file contents here and below. It is
    // only as safe as write access to CACHEQBLOG_DIR; if anything other than this
    // application can write there, switch the storage format (e.g. JSON).
    // The read-modify-write is also unlocked: LOCK_EX covers the write only.
    $comments = unserialize(file_get_contents($comment_file));
    if (!isset($comments[$id])) {
        return FALSE;
    }
    $comments[$id]['accepted'] = 1;
    file_put_contents($comment_file, serialize($comments), LOCK_EX);

    // Add it to the latest comments.
    qblog_update_recent_comment($page);

    // Remove it from the list of comments awaiting approval.
    $pending_file = CACHEQBLOG_DIR . 'qblog_pending_comments.dat';
    $pending = unserialize(file_get_contents($pending_file));
    if ($pending === FALSE) {
        $pending = array();
    }
    foreach ($pending as $idx => $entry) {
        $same_comment = ($entry['page'] === $page && $entry['id'] == $id);
        if ($same_comment) {
            unset($pending[$idx]);
            break;
        }
    }
    file_put_contents($pending_file, serialize($pending), LOCK_EX);

    // Update the timestamp.
    pkwk_touch_file(CACHE_DIR . QHM_LASTMOD);

    return TRUE;
}
// Report missing definitions collected in $temp, after any earlier messages in $die.
if ($temp) {
    if ($die) {
        $die .= "\n"; // A breath
    }
    $die .= _('Define(s) not found: (Maybe the old *.ini.php?)') . "\n" . $temp;
}
if ($die) {
    die_message(nl2br("\n\n" . $die));
}
unset($die, $temp);

/////////////////////////////////////////////////
// Create an empty file for each required page that does not exist yet

$required_pages = array($defaultpage, $whatsnew, $interwiki);
foreach ($required_pages as $page) {
    if (is_page($page)) {
        continue;
    }
    pkwk_touch_file(get_filename($page));
}

/////////////////////////////////////////////////
// Check variables that come from outside

// Prohibit $_GET attack: 'msg' and 'pass' must never arrive in the query string
foreach (array('msg', 'pass') as $key) {
    if (isset($_GET[$key])) {
        die_message('Sorry, already reserved: ' . $key . '=');
    }
}

// Expire risk
unset($HTTP_GET_VARS, $HTTP_POST_VARS); //, 'SERVER', 'ENV', 'SESSION', ...
unset($_REQUEST); // Considered harmful
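/**
 * Return the access counter of a page, updating it for the current request.
 *
 * The counter file holds one value per line in the order total, date, today,
 * yesterday, ip. The counter is advanced when the stored date is not today or
 * when the request comes from a different address than the stored one; it is
 * written back only when the current command is 'read'. Results are cached per
 * page for the rest of the request.
 *
 * @param string $page Page name.
 * @return array Keys 'total', 'date', 'today', 'yesterday', 'ip'. The default
 *               (all zero) is returned for a page that does not exist.
 */
function plugin_counter_get_count($page)
{
    global $vars;
    static $counters = array();
    static $default;
    static $localtime;

    if (!isset($localtime)) {
        list($zone, $zonetime) = set_timezone(DEFAULT_LANG);
        $localtime = UTIME + $zonetime;
    }

    if (!isset($default)) {
        $default = array(
            'total' => 0,
            'date' => gmdate('Y/m/d', $localtime),
            'today' => 0,
            'yesterday' => 0,
            'ip' => '',
        );
    }

    if (!is_page($page)) {
        return $default;
    }
    if (isset($counters[$page])) {
        return $counters[$page];
    }

    // Set default
    $counters[$page] = $default;
    $modify = FALSE;

    // Open
    $file = COUNTER_DIR . encode($page) . PLUGIN_COUNTER_SUFFIX;
    pkwk_touch_file($file);
    // Message names the constant, not the resolved directory (constant name typo fixed).
    $fp = fopen($file, 'r+') or die('counter.inc.php: Cannot open COUNTER_DIR/' . basename($file));
    set_file_buffer($fp, 0);
    @flock($fp, LOCK_EX);
    rewind($fp);

    // Read: one line per key, in the key order of $default
    foreach ($default as $key => $val) {
        // Update
        $counters[$page][$key] = rtrim(fgets($fp, 256));
        if (feof($fp)) {
            break;
        }
    }

    // Another day?
    if ($counters[$page]['date'] != $default['date']) {
        $modify = TRUE;
        $yesterday = gmmktime(
            0,
            0,
            0,
            gmdate('m', $localtime),
            gmdate('d', $localtime) - 1,
            gmdate('Y', $localtime)
        );
        $is_yesterday = $counters[$page]['date'] == gmdate('Y/m/d', $yesterday);
        $counters[$page]['ip'] = $_SERVER['REMOTE_ADDR'];
        $counters[$page]['date'] = $default['date'];
        // Yesterday's figure is only meaningful when the stored date really was yesterday.
        $counters[$page]['yesterday'] = $is_yesterday ? $counters[$page]['today'] : 0;
        $counters[$page]['today'] = 1;
        $counters[$page]['total']++;
    } else {
        if ($counters[$page]['ip'] != $_SERVER['REMOTE_ADDR']) {
            // Not the same host
            $modify = TRUE;
            $counters[$page]['ip'] = $_SERVER['REMOTE_ADDR'];
            $counters[$page]['today']++;
            $counters[$page]['total']++;
        }
    }

    // Modify: persist only for a page view; a request without 'cmd' is not one
    if ($modify && isset($vars['cmd']) && $vars['cmd'] == 'read') {
        rewind($fp);
        ftruncate($fp, 0);
        foreach (array_keys($default) as $key) {
            fputs($fp, $counters[$page][$key] . "\n");
        }
    }

    // Close
    @flock($fp, LOCK_UN);
    fclose($fp);

    return $counters[$page];
}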