/**
 * Action handler of the pcomment plugin: validate a posted comment, insert it and
 * redirect back to the referring page.
 *
 * @global array $vars    request variables (msg, refer, reply)
 * @global array $_string common message table
 * @return array empty when there is nothing to post; msg/body on spam or on an edit
 *               collision; otherwise the caller is redirected
 */
function plugin_pcomment_action()
{
    global $vars, $_string;

    // Comments are page writes: refuse on a read-only site (old PKWK_READONLY check).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'));
    }

    // No message field, or an empty one: nothing to do.
    if (empty($vars['msg'])) {
        return array();
    }

    // Spam filter on the message field: dump the request and answer with an empty page.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => '');
    }

    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    // Commenting on a page that does not exist yet creates it, which PKWK_CREATE_PAGE may forbid.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'));
    }

    $result = plugin_pcomment_insert();
    if ($result['collided']) {
        // Edit collision: render the collision page for $refer instead of redirecting.
        $vars['page'] = $refer;
        return $result;
    }

    // Jump back to the comment anchor when a reply id was supplied.
    $anchor = '';
    if (isset($vars['reply'])) {
        $anchor = '#pcmt' . Utility::htmlsc($vars['reply']);
    }
    Utility::redirect(get_page_location_uri($refer) . $anchor);
}
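/**
 * Action handler of the newpage plugin: show the "new page" form, or redirect to the
 * edit location of the page name the user typed.
 *
 * @global array $vars              request variables (page, refer)
 * @global array $_string           common message table
 * @global array $_newpage_messages plugin message table
 * @return array msg/body of the form when no page name was given; otherwise redirects and exits
 */
function plugin_newpage_action()
{
    global $vars, $_string, $_newpage_messages;

    // Creating a page is an edit: refuse on read-only sites and when creation is restricted.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    // No page name yet: render the form.
    if (!isset($vars['page'])) {
        return array(
            'msg'  => $_newpage_messages['title'],
            'body' => plugin_newpage_convert(),
        );
    }

    // Both values are request input; NUL bytes are stripped from each before they are used
    // to build the page name and the redirect target (the original only cleaned $page).
    $page = Utility::stripNullBytes($vars['page']);
    if (isset($vars['refer'])) {
        $refer = Utility::stripNullBytes($vars['refer']);
        $target = Utility::getPageName($page, $refer);
        $query = 'refer=' . $refer;
    } else {
        $target = $page;
        $query = '';
    }
    // NOTE(review): $refer is appended to the query string verbatim; whether
    // get_page_location_uri() URL-encodes its second argument is not visible here — confirm.
    Utility::redirect(get_page_location_uri($target, $query));
    exit;
}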
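/**
 * Action handler of the showrss plugin.
 *
 * With a 'feed' parameter (ajax path) the feed is fetched and returned as XML; without one
 * a small status table reports whether the xml/mbstring extensions are loaded.
 *
 * @global array $vars  request variables
 * @global mixed $cache (declared by the original; not used in this function)
 * @return array msg/body of the extension report; the ajax path writes the response and exits
 */
function plugin_showrss_action()
{
    global $vars, $cache;

    // Fetching remote feeds is disabled in safe mode (old PKWK_SAFE_MODE check).
    if (Auth::check_role('safemode')) {
        Utility::dieMessage('PKWK_SAFE_MODE prohibits this');
    }

    // Ajax path: the original read $vars['feed'] without isset(); empty() covers both.
    if (!empty($vars['feed'])) {
        $feed = $vars['feed'];
        // NOTE(review): $feed is a request-supplied URL handed straight to the fetcher; any
        // scheme/host allow-list (SSRF protection) has to live in plugin_showrss_get_rss() — confirm.
        list($data, $time, $reason) = plugin_showrss_get_rss($feed, 1, true);
        // The original misspelt the content type as 'aplication/xml'.
        $header = Header::getHeaders('application/xml', $time);
        if (empty($reason)) {
            Header::writeResponse($header, Response::STATUS_CODE_200, $data);
        } else {
            // Errors are reported as XML (still HTTP 200) so the ajax caller can parse them;
            // the reason text is escaped before it is embedded.
            Header::writeResponse($header, Response::STATUS_CODE_200, '<?xml version="1.0" encoding="UTF-8"?><response><error>1</error><message>' . Utility::htmlsc($reason) . '</message></response>');
        }
        exit;
    }

    // Non-ajax call: report the extensions the plugin depends on.
    $body = '';
    foreach (array('xml', 'mbstring') as $extension) {
        $status = extension_loaded($extension) ? '&color(green){Found};' : '&color(red){Not found};';
        $body .= '| ' . $extension . ' extension | ' . $status . ' |' . "\n";
    }
    return array('msg' => 'showrss_info', 'body' => convert_html($body));
}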
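/**
 * Action handler of the comment plugin: permission checks, then delegate the write.
 *
 * @global array $vars              request variables (refer = page the comment goes to)
 * @global array $_comment_messages plugin message table
 * @return array result of plugin_comment_write()
 */
function plugin_comment_action()
{
    global $vars, $_comment_messages;

    // Comments are page writes: refuse on a read-only site (old PKWK_READONLY check).
    // Utility::dieMessage is used like the other actions instead of the legacy die_message().
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_READONLY'));
    }

    // Commenting on a page that does not exist yet creates it, which PKWK_CREATE_PAGE may
    // forbid. 'refer' may be absent from the request; the original read it unguarded.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_CREATE_PAGE'));
    }

    return plugin_comment_write();
}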
/**
 * Action handler of the add plugin: show an edit form whose content will be appended
 * to the page instead of replacing it.
 *
 * @global array $get, $post, $vars request variables; 'add' is set on all three
 * @global array $_string           common message table
 * @return array msg/body holding the explanation and the edit form
 */
function plugin_add_action()
{
    global $get, $post, $vars, $_string;

    // Appending is an edit: refuse on a read-only site (old PKWK_READONLY check).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['prohibit']);
    }

    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }
    // Permission check for editing this page (dies when not allowed).
    Factory::Wiki($page)->checkEditable();

    // Flag the request as an "add" so the edit/write path appends rather than replaces.
    $vars['add'] = TRUE;
    $get['add'] = TRUE;
    $post['add'] = TRUE;

    $notes = '<ul>' . "\n"
        . '	<li>' . T_('Two and the contents of an input are added for a new-line to the contents of a page of present addition.') . '</li>' . "\n"
        . '</ul>' . "\n";

    return array(
        'msg'  => _("Add to \$1"),
        'body' => $notes . edit_form($page, ''),
    );
}
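 /**
  * Write the page and, when $notify is set, mail the diff to the notification address first.
  *
  * @global boolean $notify           send a notification mail on update
  * @global boolean $notify_diff_only mail only the changed (+/-) lines of the diff
  * @global string  $notify_subject   subject of the notification mail
  * @param string  $diffdata      diff text; also what is passed on to parent::set()
  * @param boolean $keeptimestamp accepted for compatibility but not forwarded to
  *                               parent::set() (as in the original) — confirm whether
  *                               the parent supports it
  */
 public function set($diffdata = '', $keeptimestamp = false)
 {
     global $notify, $notify_diff_only, $notify_subject;
     // The original referenced an undefined local $page here, so the PAGE and URI fields of
     // the summary were always empty. The object's page name (the same property the
     // commented-out diff line reads) is used instead.
     $page = $this->page;
     // $diff = new Diff(WikiFactory::Wiki($this->page)->source(true), explode("\n",$postdata));
     // $str = $diff->getDiff();
     if ($notify) {
         // Diff-only mode drops every line that does not start with '+' or '-'.
         $str = $notify_diff_only ? preg_replace('/^[^-+].*\\n/m', '', $diffdata) : $diffdata;
         $summary = array(
             'ACTION'      => 'Page update',
             'PAGE'        => &$page,
             'URI'         => Router::get_script_uri() . '?' . rawurlencode($page),
             'USER_AGENT'  => TRUE,
             'REMOTE_ADDR' => TRUE,
         );
         // A failed notification aborts the write (unchanged from the original).
         Mailer::notify($notify_subject, $str, $summary) or Utility::dieMessage('Mailer::notify(): Failed');
     }
     parent::set($diffdata);
 }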
/**
 * Action handler of the links plugin: rebuild the page relation cache on request,
 * otherwise render the form that triggers the rebuild.
 *
 * Contents admins rebuild directly; other users have to supply the admin password in
 * the form (Auth::check_role('role_contents_admin') appears to be a "prohibited?" test,
 * like the readonly check, so it is true for non-admins).
 *
 * @global array $post, $vars       request variables (adminpass, execute)
 * @global array $_links_messages   plugin message table
 * @global array $_string           common message table
 * @return array msg/body of the result or of the form
 */
function plugin_links_action()
{
    global $post, $vars, $foot_explain;
    global $_links_messages, $_string;

    // Rebuilding the cache is a write (old PKWK_READONLY check).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }

    $title = $_links_messages['title_update'];
    $adminPass = empty($post['adminpass']) ? null : $post['adminpass'];

    if (isset($vars['execute']) && $vars['execute'] === 'true') {
        // NOTE(review): the POST carries no CSRF token, so a logged-in admin can be made to
        // trigger a rebuild by a cross-site form; whether Auth::login(null) rejects an empty
        // password is not visible here — confirm.
        if (!Auth::check_role('role_contents_admin') || Auth::login($adminPass)) {
            $relations = new Relational('');
            $relations->init();
            return array('msg' => $title, 'body' => $_links_messages['msg_done']);
        }
        $title = $_links_messages['msg_error'];
    }

    $html = RendererFactory::factory(sprintf($_links_messages['msg_usage1']));
    $script = Router::get_script_uri();
    if (Auth::check_role('role_contents_admin')) {
        $html .= RendererFactory::factory(sprintf($_links_messages['msg_usage2']));
    }
    $html .= <<<EOD
<form method="post" action="{$script}" class="form-inline plugin-links-form">
\t<input type="hidden" name="cmd" value="links" />
\t<input type="hidden" name="execute" value="true" />
EOD;
    // Password field only for users who are not already contents admins.
    if (Auth::check_role('role_contents_admin')) {
        $html .= <<<EOD
\t<div class="form-group">
\t\t<label for="_p_links_adminpass" class="sr-only">{$_links_messages['msg_adminpass']}</label>
\t\t<input type="password" name="adminpass" id="_p_links_adminpass" class="form-control" size="20" value="" placeholder="{$_links_messages['msg_adminpass']}" />
\t</div>
EOD;
    }
    $html .= <<<EOD
\t<!--div class="checkbox">
\t\t<input type="checkbox" name="force" id="_c_force" />
\t\t<label for="_c_force">{$_links_messages['btn_force']}</label>
\t</div-->
\t<input type="submit" class="btn btn-primary" value="{$_links_messages['btn_submit']}" />
</form>
EOD;
    return array('msg' => $title, 'body' => $html);
}
/**
 * Action handler of the source plugin: show the raw wiki source of $vars['page'].
 *
 * @global array $vars request variables; 'refer' is set to the page name as a side effect
 * @return array msg/body with the escaped source, or a "not found" page when the page is
 *               invalid or not readable (same message for both, so existence is not leaked)
 */
function plugin_source_action()
{
    global $vars;
    //, $_source_messages;

    // Raw source display is disabled in safe mode (old PKWK_SAFE_MODE check).
    if (Auth::check_role('safemode')) {
        Utility::dieMessage('PKWK_SAFE_MODE prohibits this');
    }

    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }
    $vars['refer'] = $page;

    $wiki = Factory::Wiki($page);
    $denied = !$wiki->isValied() || !$wiki->isReadable();
    if ($denied) {
        return array('msg' => T_(' $1 was not found.'), 'body' => T_('cannot display the page source.'));
    }

    $source = $wiki->get(true);
    // Page-level role restrictions written into the source (presumably dies when not permitted).
    Auth::is_role_page($source);

    $escaped = Utility::htmlsc($source);
    return array('msg' => T_('Source of  $1'), 'body' => '<pre class="sh sunlight-highlight-plain">' . $escaped . '</pre>');
}
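 /**
  * Ask Akismet whether a page write is spam and abort the request when it is.
  *
  * @global string $akismet_api_key Akismet API key
  * @global array  $vars            request variables; the comment author is taken from 'name'
  * @global array  $use_spam_check  'akismet' => 2 submits the whole post, otherwise the added lines
  * @global array  $_title          page titles; 'prohibit' is used for the block page
  * @param string      $postdata full text being written
  * @param string|null $addedata only the lines added by this write; when null the full text
  *                              is submitted (the original read an undefined local here and
  *                              sent an empty comment_content to Akismet)
  */
 public static function check($postdata, $addedata = null)
 {
     // $vars, $use_spam_check and $_title were read as undefined locals in the original, so
     // the author always fell back to the default name and the mode test never matched.
     global $akismet_api_key, $vars, $use_spam_check, $_title;
     $akismet = new ZendService\Akismet($akismet_api_key, Router::get_script_absuri());
     if ($akismet->verifyKey($akismet_api_key)) {
         // Data submitted to Akismet
         $akismet_post = array(
             'user_ip'        => Utility::getRemoteIp(),
             'user_agent'     => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
             'comment_type'   => 'comment',
             'comment_author' => isset($vars['name']) ? $vars['name'] : self::DEFAULT_USER_NAME,
         );
         $fullPost = isset($use_spam_check['akismet']) && $use_spam_check['akismet'] === 2;
         if ($fullPost || $addedata === null) {
             $akismet_post['comment_content'] = $postdata;
         } else {
             // Only the diff is handed to Akismet
             $akismet_post['comment_content'] = $addedata;
         }
         if ($akismet->isSpam($akismet_post)) {
             Utility::dieMessage('Writing was limited by Akismet (Blocking SPAM).', $_title['prohibit'], 400);
         }
     } else {
         // Argument order (message, title, status) follows the dieMessage() call above;
         // the original passed 500 in the title position.
         Utility::dieMessage('Akismet API key does not valied.', '', 500);
     }
 }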
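 /**
  * POST action via inline plugin: record one vote and redirect back to the vote anchor.
  *
  * Reads refer/pcmd/vote_id/choice_id/digest from $vars, rewrites the matching vote line
  * of the page and saves it without updating the timestamp.
  *
  * @global array  $vars        request variables
  * @global string $defaultpage page used when 'refer' is absent
  * @global array  $_string     common message table
  * @return array msg/body of an error page (continuous vote or edit collision);
  *               on success the browser is redirected and the script exits
  */
 function action_inline()
 {
     global $vars, $defaultpage, $_string;

     // Voting is a page write (old PKWK_READONLY check); Utility::dieMessage is used for
     // consistency with the rest of the file instead of the legacy die_message().
     if (Auth::check_role('readonly')) {
         Utility::dieMessage('PKWK_READONLY prohibits editing');
     }

     // All of these are request input and may be absent; the original read them unguarded.
     $page = isset($vars['refer']) ? $vars['refer'] : $defaultpage;
     $pcmd = isset($vars['pcmd']) ? $vars['pcmd'] : null;
     $vote_id = isset($vars['vote_id']) ? $vars['vote_id'] : null;
     $choice_id = isset($vars['choice_id']) ? $vars['choice_id'] : null;
     $digest = isset($vars['digest']) ? $vars['digest'] : null;
     $vars['page'] = $page;
     $wiki = Factory::Wiki($page);

     // NOTE(review): unlike the edit/add actions, no isEditable()/checkEditable() call guards
     // the $wiki->set() below — confirm that voting on a frozen or protected page is intended.

     if ($this->is_continuous_vote($page, $pcmd, $vote_id)) {
         return array('msg' => T_('Error in vote'), 'body' => T_('Continuation vote cannot be performed.'));
     }

     // parse contents of wiki page and get update
     $lines = $wiki->get();
     list($linenum, $newline, $newtext, $newvotes) = $this->get_update_inline($lines, $vote_id, $choice_id);
     if ($linenum === false) {
         Utility::dieMessage(T_('There was no matching vote. '));
     }
     $newlines = $lines;
     $newlines[$linenum] = $newline;
     $newcontents = implode('', $newlines);

     // collision check: the page changed since the vote form was rendered
     if ($wiki->digest() !== $digest) {
         $msg = $_string['title_collided'];
         $body = $this->show_preview_form($_string['msg_collided'], $newline);
         return array('msg' => $msg, 'body' => $body);
     }
     // notimestamp
     $wiki->set($newcontents, TRUE);
     $this->update_recent_voted($page, $pcmd, $vote_id, $choice_id, $newvotes);

     // Returning msg/body from here misbehaved with the static state in convert(),
     // so the result is a redirect to the vote anchor instead.
     $anchor = $this->get_anchor($pcmd, $vote_id);
     Utility::redirect($wiki->uri() . '#' . $anchor);
     exit;
 }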
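/**
 * Complete an OpenID authentication round-trip.
 *
 * Restores the page/author stashed in the verify session before the redirect, lets the
 * consumer validate the provider response, stores the identity in the AuthOpenId session
 * on success, and sends the browser back to the originating page.
 *
 * @global array $vars        request variables (declared by the original; unused here)
 * @global array $_openid_msg plugin message table
 * @param object $consumer OpenID consumer used to start the authentication
 */
function plugin_openid_finish_auth($consumer)
{
    global $vars, $_openid_msg;

    $obj_verify = new AuthOpenIdVerify();
    $session_verify = $obj_verify->getSession();
    // $session_verify['server_url'] and ['local_id'] are also available but unused here.
    $page = empty($session_verify['page']) ? '' : rawurldecode($session_verify['page']);
    $author = empty($session_verify['author']) ? '' : rawurldecode($session_verify['author']);
    // One-shot: the verify state is dropped whether or not the response validates.
    $obj_verify->unsetSession();

    $return_to = get_page_location_uri($page);
    $response = $consumer->complete($return_to);

    switch ($response->status) {
        case Auth_OpenID_CANCEL:
            Utility::dieMessage($_openid_msg['err_cancel']);
            // break so a dieMessage() that returns cannot fall into the next case
            break;
        case Auth_OpenID_FAILURE:
            // $response->message comes from the provider / library, not from this site; it is
            // escaped before being rendered (if dieMessage() already escapes its argument this
            // only double-encodes that text — confirm).
            Utility::dieMessage($_openid_msg['err_failure'] . Utility::htmlsc($response->message));
            break;
        case Auth_OpenID_SUCCESS:
            $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
            $sreg = $sreg_resp->contents();
            // $sreg['email'], $sreg['nickname'], $sreg['fullname']
            if (!isset($sreg['nickname'])) {
                if (PLUGIN_OPENID_NO_NICKNAME) {
                    $sreg['nickname'] = 'anonymouse';
                } else {
                    Utility::dieMessage($_openid_msg['err_nickname']);
                }
            }
            $obj = new AuthOpenId();
            $obj->response = $sreg;
            // Carry the remaining items over to the login session
            $obj->response['author'] = $author;
            $obj->response['local_id'] = !empty($response->endpoint->local_id) ? $response->endpoint->local_id : $response->endpoint->claimed_id;
            $obj->response['identity_url'] = $response->getDisplayIdentifier();
            $obj->setSession();
            break;
        // NOTE(review): any other status falls through to the redirect below without a session
        // being set — the user is silently sent back unauthenticated.
    }

    // Return to the original page; exit so nothing is emitted after the Location header
    // (the original had no exit here).
    header('Location: ' . get_page_location_uri($page));
    exit;
}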
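/**
 * Render the attachment page for $vars['page']: an upload form (when the page is editable)
 * and the list of files attached to the page. In ajax mode only the tab strip is returned.
 *
 * @global array $vars             request variables; 'refer' is set to the page as a side effect
 * @global array $_attach_messages plugin message table
 * @global array $_string          common message table
 * @return array msg/body of the attach page
 */
function attach_showform()
{
    global $vars, $_attach_messages, $_string;

    // Attachments are disabled in safe mode; Utility::dieMessage is used for consistency
    // with the rest of the file instead of the legacy die_message().
    if (Auth::check_role('safemode')) {
        Utility::dieMessage($_string['prohibit']);
    }

    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        Utility::dieMessage('Page name is not defined');
    }
    $isEditable = Factory::Wiki($page)->isEditable();
    $vars['refer'] = $page;

    // The page name is request input and is interpolated into the <h2> headings below, so it
    // is escaped here rather than relying on upstream input filtering (if $vars is already
    // escaped this only double-encodes '&' in the heading text).
    $pageLabel = Utility::htmlsc($page);

    $html = array();
    if (!IS_AJAX) {
        $attach_list = attach_list($page);
        $html[] = '<p><small>[<a href="' . Router::get_cmd_uri('attach', null, null, array('pcmd' => 'list')) . '">' . $_attach_messages['msg_listall'] . '</a>]</small></p>';
        if ($isEditable) {
            $html[] = '<h2>' . str_replace('$1', $pageLabel, $_attach_messages['msg_upload']) . '</h2>' . "\n";
            $html[] = attach_form($page);
        }
        $html[] = '<h2>' . str_replace('$1', $pageLabel, $_attach_messages['msg_listpage']) . '</h2>' . "\n";
        $html[] = $attach_list['body'];
    } else {
        // Ajax: tabs pointing at the form and list sub-commands.
        $html[] = '<div class="tabs" role="application">';
        $html[] = '<ul role="tablist">';
        if ($isEditable) {
            $html[] = '<li role="tab"><a href="' . Router::get_cmd_uri('attach', null, null, array('pcmd' => 'form', 'refer' => $page)) . '">' . str_replace('$1', $_attach_messages['msg_thispage'], $_attach_messages['msg_upload']) . '</a></li>';
        }
        $html[] = '<li role="tab"><a href="' . Router::get_cmd_uri('attach', null, null, array('pcmd' => 'list', 'refer' => $page)) . '">' . str_replace('$1', $_attach_messages['msg_thispage'], $_attach_messages['msg_listpage']) . '</a></li>';
        $html[] = '</ul>';
        $html[] = '</div>';
    }
    return array('msg' => $_attach_messages['msg_upload'], 'body' => join("\n", $html));
}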
/**
 * Entry point of the edit plugin.
 *
 * Dispatches to the realview / preview / write / cancel handlers when the matching request
 * flag is present; otherwise renders the edit form for $vars['page'] (or for the single
 * section selected by $vars['id']).
 *
 * @global array   $vars               request variables
 * @global boolean $load_template_func whether loading a page as template is enabled
 * @global array   $_string            common message table
 * @global array   $_edit_msg          edit plugin message table
 * @return array msg/body to render; dies on permission or page-name errors
 */
function plugin_edit_action()
{
    // global $vars, $_title_edit, $load_template_func;
    global $vars, $load_template_func, $_string, $_edit_msg;
    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        return array('msg' => $_edit_msg['msg_edit'], 'body' => $_edit_msg['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);
    // NOTE(review): this reuses the "empty page" message for a page that is not editable, and
    // passes 403 as the second argument while other plugins in this corpus call
    // dieMessage(message, title, status) — confirm the signature; same for the calls below.
    if (!$wiki->isEditable(true)) {
        Utility::dieMessage($_string['err_empty_page'], 403);
    }
    // if (PKWK_READONLY) die_message(  sprintf($_string['error_prohibit'], 'PKWK_READONLY') );
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit'], 403);
    }
    // PKWK_READONLY set to "authenticated users only": refuse callers whose role level is
    // above ROLE_AUTH (presumably less privileged — confirm the level ordering).
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), 403);
    }
    if (isset($vars['realview'])) {
        return plugin_edit_realview();
    }
    // Editing a page that does not exist yet creates it; PKWK_CREATE_PAGE may forbid that.
    if (!$wiki->has() && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), 403);
    }
    if (preg_match($wiki::INVALIED_PAGENAME_PATTERN, $page)) {
        Utility::dieMessage($_string['illegal_chars']);
    }
    // Sub-actions: preview (also used when a template is loaded), write, cancel.
    if (isset($vars['preview']) || $load_template_func && isset($vars['template'])) {
        return plugin_edit_preview();
    } else {
        if (isset($vars['write'])) {
            return plugin_edit_write();
        } else {
            if (isset($vars['cancel'])) {
                return plugin_edit_cancel();
            }
        }
    }
    // The full source is kept in $vars['original'] (the write path presumably uses it).
    $postdata = $vars['original'] = $wiki->get(true);
    Auth::is_role_page($postdata);
    // Section edit: replace the text to edit with the part identified by 'id'.
    if (isset($vars['id']) && !empty($vars['id'])) {
        $source = $wiki->get();
        $postdata = plugin_edit_parts($vars['id'], $source);
        if ($postdata === FALSE) {
            unset($vars['id']);
            // Pretend it never happened :)
            $postdata = $vars['original'];
        }
    }
    if (empty($postdata)) {
        // Check Page name length
        // http://pukiwiki.sourceforge.jp/dev/?PukiWiki%2F1.4%2F%A4%C1%A4%E7%A4%C3%A4%C8%CA%D8%CD%F8%A4%CB%2F%C4%B9%A4%B9%A4%AE%A4%EB%A5%DA%A1%BC%A5%B8%CC%BE%A4%CE%A5%DA%A1%BC%A5%B8%A4%CE%BF%B7%B5%AC%BA%EE%C0%AE%A4%F2%CD%DE%BB%DF
        $filename_max_length = 250;
        $filename = Utility::encode($page) . '.txt';
        $filename_length = strlen($filename);
        if ($filename_length > $filename_max_length) {
            // Filename too long
            return array('msg' => $_edit_msg['title_edit'], 'body' => join("\n", array('<p class="alert alert-warning"><span class="fa fa-exclamation-triangle"></span>' . $_edit_msg['err_long'], '</p>', '<dl class="dl-horizontal">', '<dt>Page name</dt>', '<dd>' . Utility::htmlsc($page) . '</dd>', '<dt>Filename</dt>', '<dd>' . $filename . '</dd>', '<dt>Filename length</dt>', '<dd>' . $filename_length . '</dd>', '<dt>Filename limit</dt>', '<dd>' . $filename_max_length . '</dd>', '</dl>')));
        } else {
            // New page: start from the auto template, if any.
            $postdata = $wiki->auto_template();
        }
    }
    return array('msg' => sprintf($_edit_msg['title_edit'], $page), 'body' => Utility::editForm($page, $postdata));
}
/**
 * Action entry of the table_edit2 plugin.
 *
 * Operates on the $vars['table_num']-th #table_edit2 block of page $vars['refer']:
 * edits one cell or row, applies table-wide settings, imports/exports CSV, and writes the
 * rebuilt page back — or renders the cell/row edit form ('show'/'tdshow').
 * $vars['edit_mod'] selects the mode (t_edit_td/td, t_edit/tr, tdshow/show, setting).
 *
 * @global array $vars, $post request variables
 * @global array $auth_users  user table for the per-table auth_check option
 * @global array $_string     common message table
 * @return array|void msg/body of a form or error page; redirects after a completed write
 */
function plugin_table_edit2_action()
{
    global $vars, $post, $auth_users, $_string;
    $table_num = $vars['table_num'];
    $page = isset($vars['refer']) ? $vars['refer'] : null;
    if (empty($page)) {
        Utility::dieMessage('Page name is null.');
    }
    $wiki = Factory::Wiki($page);
    // Frozen pages: both the legacy check and the Wiki-object check are run.
    if (is_freeze($page)) {
        check_editable($page, true, true);
    }
    if ($wiki->isFreezed()) {
        $wiki->checkEditable(true);
    }
    //	Cancel
    $anchr_jump = PLUGIN_TABLE_EDIT2_ANCHR_JUMP ? '#TableEdit2TableNumber' . $table_num : '';
    if (isset($vars['cancel'])) {
        Utility::redirect($wiki->uri() . $anchr_jump);
        exit;
    }
    $line_count = 1;
    $table_sub_num = 1;
    //td
    $table_sub_num_chk = 1;
    //td
    $setting = 0;
    $import = $export = $csv_cancel = 0;
    // Mode flags (1/0) derived from edit_mod: td = one cell, tr = one row, t_edit = the
    // saving variants of those, show = render the edit form.
    $edit_mod = isset($vars['edit_mod']) ? $vars['edit_mod'] : '';
    $td_edit = $edit_mod == 't_edit_td' || $edit_mod == 'td' ? 1 : 0;
    $tr_edit = $edit_mod == 't_edit' || $edit_mod == 'tr' ? 1 : 0;
    $t_edit = $edit_mod == 't_edit_td' || $edit_mod == 't_edit' ? 1 : 0;
    $edit_show = $edit_mod == 'tdshow' || $edit_mod == 'show' ? 1 : 0;
    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (!function_exists('honeypot_write') && $t_edit) {
        $spam = plugin_table_edit2_spam($post['encode_hint']);
    }
    if ($spam) {
        return plugin_table_edit2_honeypot();
    }
    if (Auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits editing');
    }
    // NOTE(review): $script_uri is never assigned or declared global in this function, so the
    // pattern below is '/^()/' and matches any referer (HTTP_REFERER may also be unset) —
    // the referer check is effectively a no-op. A real check would also need preg_quote().
    if (PLUGIN_TABLE_EDIT2_HTTP_REFERER) {
        if (!function_exists('path_check')) {
            if (!preg_match('/^(' . $script_uri . ')/', $_SERVER['HTTP_REFERER'])) {
                return;
            }
        } else {
            if (!path_check($script_uri, $_SERVER['HTTP_REFERER'])) {
                return;
            }
        }
    }
    if ($edit_mod === 'setting') {
        $set = new TableEdit2SettingWrite($vars);
        if (!$set->sc) {
            return $set->error;
        }
        $setting = 1;
        unset($vars['table_mod']);
    }
    $notimestamp = FALSE;
    // CSV sub-commands: import, export, cancel, set options, or delete the working files.
    if (isset($vars['csv_mod']) || isset($vars['ex_cancel']) || isset($vars['im_cancel']) || isset($vars['set_csv']) || isset($vars['csv_back'])) {
        $csv = new TableEdit2CsvAction();
        if (isset($vars['csv_mod']) && $vars['csv_mod'] === 'import') {
            $csv->csv_import($vars);
            $import = 1;
        } else {
            if (isset($vars['csv_mod']) && $vars['csv_mod'] === 'export') {
                $export = 1;
                $csv_export_data = array();
            } else {
                if (isset($vars['ex_cancel']) || isset($vars['im_cancel'])) {
                    $csv_cancel = 1;
                    $notimestamp = TRUE;
                } else {
                    if (isset($vars['set_csv'])) {
                        $set_csv = 1;
                        $notimestamp = TRUE;
                    } else {
                        if (isset($vars['csv_back'])) {
                            if (PLUGIN_TABLE_EDIT2_CSV_UNLINK) {
                                // NOTE(review): the file names are derived from request input
                                // ($vars['file_name']); confining them to the plugin's directory
                                // is up to TableEdit2CsvConversion — confirm.
                                $con = new TableEdit2CsvConversion($page, array('name' => $vars['file_name']));
                                unlink($con->filename);
                                unlink($con->logname);
                            }
                            Utility::redirect($wiki->uri());
                            exit;
                        } else {
                            return array('msg' => 'csv error', 'body' => 'csv option error');
                            // . join("\n", $csv_data)
                        }
                    }
                }
            }
        }
    }
    if (isset($vars['table_mod'])) {
        $chg = new TableEdit2TableMod($vars['table_mod']);
    }
    if ($td_edit || $tr_edit) {
        $edit = new TableEdit2Edit($vars);
    }
    if ($edit_show) {
        $show = new TableEdit2Show($vars, $page);
    }
    $args = get_source($page);
    static $count = 0;
    $source_s = '';
    $body = '';
    $row_title = 0;
    $td_title_count = 0;
    if ($td_edit || $tr_edit || $setting || $import) {
        $notimestamp = isset($vars['notimestamp']) ? TRUE : FALSE;
    }
    // Walk the page line by line, rebuilding it into $source_s; only the selected table is
    // modified, everything else is copied through.
    foreach ($wiki->get() as $args_key => $args_line) {
        if (preg_match('/^#([^\\(\\{]+)(?:\\(([^\\r]*)\\))?(\\{*)/', $args_line, $matches) !== FALSE) {
            if (isset($matches[1]) && ($matches[1] == 'table_edit2' || $matches[1] == "table_edit2\n")) {
                $table_find = 1;
                $count++;
                if ($line_count === 1 && $count == $table_num) {
                    // Per-table auth_check option: basic auth when 'on', otherwise the page's
                    // own edit permission applies.
                    if (preg_match('/auth_check[=_](on|off)/i', $matches[2], $auth_check)) {
                        if ($auth_check[1] == 'on') {
                            if (!auth::auth_pw($auth_users)) {
                                $user = TableEdit2Auth::basic_auth();
                                if (empty($user)) {
                                    return;
                                }
                            }
                        }
                    } else {
                        check_editable($page, true, true);
                    }
                    if ($setting) {
                        $args_line = $set->plugin_set_opt($matches[3]);
                    }
                    if ($import) {
                        $args_line = $csv->import_data_set($matches[2], $matches[3]);
                    }
                    if (isset($vars['ex_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'export');
                    }
                    if (isset($vars['im_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'import');
                    }
                    if (isset($set_csv)) {
                        $args_line = $csv->set_csv_opt($matches[2], $matches[3], $vars['set_csv']);
                    }
                    if ($edit_mod == 'tdshow') {
                        //tdshow - td_title - 06.11.11
                        if (preg_match('/title_c=(\\d+)/i', $matches[2], $match_title)) {
                            $td_title_count = $match_title[1] - 1;
                        }
                    }
                    if ($edit_mod == 'show') {
                        //show				header
                        if (preg_match('/title_r=(\\d+)/i', $matches[2], $m_row_title)) {
                            $row_title = $m_row_title[1];
                        }
                    }
                    if ($edit_show) {
                        $show->text_type($matches[2]);
                    }
                    if (isset($vars['table_mod'])) {
                        //table_mod
                        $notimestamp = TRUE;
                        $args_line = $chg->table_mod_chg($matches, $args_line);
                    }
                }
                // Number of opening braces tells how many closing braces end this block.
                $end_line = strlen($matches[3]);
            }
        }
        if (isset($end_line) && preg_match('/^\\}{' . $end_line . '}/', $args_line) || !isset($end_line)) {
            $table_find = 0;
        }
        if ($table_find && $table_num == $count && !isset($vars['table_mod']) && !$setting && !$import) {
            $table_sub_num_count_chk = 0;
            // 1 = pipe-delimited table row, 2 = comma-delimited (csv) row, 0 = not a row.
            $table_f_chose = preg_match('/^\\|(.+)\\|([hHfFcC]?)$/', $args_line, $match_line) ? 1 : 0;
            if ($args_line[0] == ',' && $args_line != ',') {
                $table_f_chose = 2;
            }
            if ($td_edit || $tr_edit) {
                $edit->chose = $table_f_chose;
            }
            if ($table_f_chose) {
                if ($table_f_chose === 1) {
                    $match_t = explode("|", $match_line[1]);
                } elseif ($table_f_chose === 2) {
                    $match_t = csv_explode(',', substr(str_replace("\n", '', $args_line), 1));
                    $match_line = array(1 => join(',', $match_t), 2 => '');
                }
                if ($export) {
                    $csv_export_data[] = $match_line[1];
                }
                if (isset($vars['table_sub_num']) && $table_sub_num === $vars['table_sub_num'] && $table_sub_num_chk) {
                    //td 06.09.18
                    $show->chk_table_sub_first_line = $line_count;
                    $table_sub_num_chk = 0;
                }
                if (isset($vars['line_count']) && $vars['line_count'] === $line_count || strtolower($match_line[2]) === 'h' || $edit_mod == 'tdshow' || $td_edit || $row_title) {
                    //					$match_t = explode("|", $match_line[1]);
                    if ($edit_mod == 'tdshow') {
                        //tdshow - td_title - 06.11.11
                        $show->td_title[$line_count] = $match_t[$td_title_count];
                    }
                }
                if ($edit_mod == 'show') {
                    //show				header
                    if ($match_line[2] == 'h' && !$row_title) {
                        $show->table_header($match_t);
                    }
                    if ($line_count == $row_title) {
                        $show->table_header($match_t);
                    }
                }
                // NOTE(review): loose == against request values here and below; request
                // strings like "1abc" compare equal to 1 under PHP < 8 — confirm intent.
                if ($vars['line_count'] == $line_count || $table_sub_num == $vars['table_sub_num']) {
                    // textarea 06.11.12
                    if ($edit_show) {
                        if ($show->t_type == 'textarea') {
                            $show->text_type_textarea(count($match_t));
                        }
                    }
                }
                if ($td_edit && $table_sub_num_chk == 0 && $table_sub_num == $vars['table_sub_num']) {
                    $source_s .= $edit->td_edit($match_t) . $match_line[2] . "\n";
                    $table_sub_num_count_chk = 1;
                } else {
                    if (isset($vars['line_count']) && $vars['line_count'] == $line_count && !$td_edit) {
                        if ($tr_edit) {
                            //t_edit tr_add
                            if (isset($vars['add_show']) && $vars['add_show'] === 1) {
                                $source_s .= $args_line;
                                if ($edit->chose !== 2) {
                                    $edit->chk_csv_source($args, $args_key);
                                }
                            }
                            $source_s .= $edit->tr_edit($args_line, $match_t, $match_line[2]);
                        } else {
                            if ($edit_show) {
                                //show or tdshow
                                $show->line_count = $line_count;
                                $body = $show->show_mod($match_t);
                            }
                        }
                    } else {
                        if ($edit_mod == 'tdshow') {
                            //tdshow and edit_td
                            $show->cells[$line_count] = $match_t;
                        }
                        $table_sub_num_count_chk = 1;
                        //td06.09.18
                        $source_s .= $args_line;
                    }
                }
                $line_count++;
            } else {
                if ($table_sub_num_count_chk == 1 && substr($args_line, 0, 2) != '//') {
                    //td
                    $table_sub_num++;
                    $table_sub_num_count_chk = 0;
                }
                $source_s .= $args_line;
            }
        } else {
            $source_s .= $args_line . "\n";
        }
    }
    if ($export) {
        return $csv->csv_export($vars, $csv_export_data);
    }
    // Edit collision: the page digest changed since the form was rendered.
    $collision = 0;
    if ($tr_edit || $td_edit) {
        if (Factory::Wiki($vars['refer'])->digest() !== $vars['digest']) {
            global $_string, $_title;
            $title = $_title['collided'];
            $body = $_string['msg_collided_auto'] . make_pagelink($vars['refer']);
            $collision = 1;
        }
    }
    // NOTE(review): the page is written even when $collision is set (only the response
    // differs), and $source below is built and popped but never used — the set() call
    // re-explodes $source_s, trailing empty element included.
    if ($tr_edit || $td_edit || isset($vars['table_mod']) || $setting || $import || $csv_cancel || isset($set_csv)) {
        $source = explode("\n", $source_s);
        array_pop($source);
        // Remove the extra newline that ends up at the end
        //		var_dump($source);
        //		die;
        $wiki->set(explode("\n", $source_s), $notimestamp);
    }
    // $get is not declared global in this function; only $post/$vars are actually shared.
    $get['page'] = $post['page'] = $vars['page'] = $page;
    if ($collision) {
        return array('msg' => $title, 'body' => $body);
    }
    if ($edit_show) {
        return array('msg' => $show->title, 'body' => $body);
    }
    //header('Location: ' . $script_uri . '?' . rawurlencode($page) . $anchr_jump);
    Utility::redirect($wiki->uri() . $anchr_jump);
    exit;
}
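 /**
  * Check the credentials the web server / client supplied for the configured $auth_type.
  *
  * @global int    $auth_type  one of self::AUTH_BASIC / AUTH_DIGEST / AUTH_NTLM
  * @global array  $auth_users user => array(password hash, ...) from the configuration
  * @global string $realm      authentication realm used in the Digest challenge
  * @return string|null|false the authenticated user name; null (Basic) or false (Digest)
  *                           when there are no or wrong credentials — both kept from the original
  * @throws Exception for an unknown $auth_type
  */
 public static function check_auth_pw()
 {
     // $realm was an undefined local in the original, so the Digest A1 hash was computed with
     // an empty realm and could never match the client's. It is taken from the configuration
     // global here (assumed to be the value used in the WWW-Authenticate challenge — confirm).
     global $auth_type, $auth_users, $realm;
     $login = '';
     switch ($auth_type) {
         case self::AUTH_BASIC:
             // Basic auth: the server already authenticated the request; read the user name
             $user = '';
             foreach (array('PHP_AUTH_USER', 'AUTH_USER', 'REMOTE_USER', 'LOGON_USER') as $x) {
                 if (!empty($_SERVER[$x])) {
                     // Digest: the value is reliable as-is
                     if (!empty($_SERVER['AUTH_TYPE']) && $_SERVER['AUTH_TYPE'] == 'Digest') {
                         $user = $_SERVER[$x];
                         break;
                     }
                     // Domain authentication: DOMAIN\\USERID
                     $ms = explode('\\', $_SERVER[$x]);
                     if (count($ms) === 3) {
                         $user = $ms[2];
                         break;
                     }
                     // Otherwise this variable decides the user name
                     $user = $_SERVER[$x];
                     break;
                 }
             }
             if (empty($user)) {
                 return null;
             }
             // A user not listed in $auth_users is trusted on the strength of the server-side
             // (or OS / workgroup) authentication alone — no password is checked here.
             if (!isset($auth_users[$user])) {
                 return $user;
             }
             // Listed users must also match the configured password hash
             $pass = '';
             // NOTE(review): HTTP_AUTHORIZATION carries "Basic base64(user:pass)", not the bare
             // password, so hash_verify() on it cannot match — confirm whether it is meant here.
             foreach (array('PHP_AUTH_PW', 'AUTH_PASSWORD', 'HTTP_AUTHORIZATION') as $pw) {
                 if (!empty($_SERVER[$pw])) {
                     $pass = $_SERVER[$pw];
                     break;
                 }
             }
             // Empty passwords (supplied or configured) are never accepted
             if (empty($pass) || empty($auth_users[$user][0])) {
                 return null;
             }
             $login = self::hash_verify($pass, $auth_users[$user][0]) ? $user : null;
             break;
         case self::AUTH_DIGEST:
             // Digest auth: recompute the expected response (RFC 2617, qop form) and compare
             $data = self::http_digest_parse();
             if ($data === false) {
                 return false;
             }
             list($scheme, $salt, $role) = self::get_data($data['username'], $auth_users);
             if ($scheme !== '{x-digest-md5}') {
                 Utility::dieMessage('Auth::check_auth_pw(): Digest auth must be password scheme to <var>{x-digest-md5}</var>.');
             }
             // NOTE(review): A1 is hashed from the raw $auth_users entry rather than the $salt
             // get_data() returned (the commented-out "$A1 = $salt" hints that was the intent) —
             // confirm which value holds the {x-digest-md5} secret.
             // $A1 = $salt;
             $A1 = md5($data['username'] . ':' . $realm . ':' . $auth_users[$data['username']]);
             $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
             $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
             // Constant-time comparison: a plain !== stops at the first differing byte and
             // leaks how much of the digest an attacker got right.
             if (!hash_equals($valid_response, (string) $data['response'])) {
                 unset($_SERVER['PHP_AUTH_DIGEST']);
                 return false;
             }
             $login = $data['username'];
             break;
         case self::AUTH_NTLM:
             // NTLM auth: only supported behind Microsoft IIS
             $srv_soft = defined('SERVER_SOFTWARE') ? SERVER_SOFTWARE : $_SERVER['SERVER_SOFTWARE'];
             if (substr($srv_soft, 0, 9) !== 'Microsoft') {
                 Utility::dieMessage('Auth::check_auth_pw() : Your server does not supported to NTLM authenticate.');
             }
             list(, $login, , ) = self::ntlm_decode();
             break;
         default:
             throw new Exception('Auth::check_auth_pw() : The authentication method does not supported.');
     }
     return $login;
 }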
/**
 * Render the hash-computation form of the md5 plugin.
 *
 * Ends the request via Utility::dieMessage() when the 'safemode' or
 * 'readonly' role is active, or when $value is longer than
 * Auth::PASSPHRASE_LIMIT_LENGTH bytes.
 *
 * @param bool   $nophrase when true a "NO PHRASE" notice is prepended to the form
 * @param string $value    phrase to pre-fill the "phrase" field with; escaped with
 *                         Utility::htmlsc() before being placed in the attribute
 * @return string the form HTML
 */
function plugin_md5_show_form($nophrase = FALSE, $value = '')
{
    // if (PKWK_SAFE_MODE || PKWK_READONLY) die_message(T_('Prohibited'));
    if (Auth::check_role('safemode') || Auth::check_role('readonly')) {
        Utility::dieMessage(T_('Prohibited'));
    }
    // strlen() counts bytes, so this is a byte limit on the client-supplied phrase
    if (strlen($value) > Auth::PASSPHRASE_LIMIT_LENGTH) {
        Utility::dieMessage(T_('Limit: malicious message length'));
    }
    // NOTE(review): empty() also treats the phrase "0" as empty, so a phrase
    // of "0" is never pre-filled; $value !== '' would be the exact test.
    if (!empty($value)) {
        $value = 'value="' . Utility::htmlsc($value) . '" ';
    }
    // sha1() is a core function on any supported PHP, so this is normally true;
    // it decides which radio buttons are offered and which one is pre-checked
    $sha1_enabled = function_exists('sha1');
    $sha1_checked = $md5_checked = '';
    if ($sha1_enabled) {
        $sha1_checked = 'checked="checked" ';
    } else {
        $md5_checked = 'checked="checked" ';
    }
    $form = '<p class="alert alert-danger">' . T_("NOTICE: Don't use this feature via untrustful or unsure network") . '</p>' . "\n" . '<hr />' . "\n";
    if ($nophrase) {
        $form .= '<strong>' . T_("NO PHRASE") . '</strong><br />';
    }
    $script = get_script_uri();
    // The form submits with method="get", so the phrase travels in the query
    // string (and is therefore likely to end up in server logs and browser
    // history) — which is what the notice above warns about.
    $form .= <<<EOD
<form action="{$script}" method="get" class="plugin-md5-form">
\t<input type="hidden" name="cmd" value="md5" />
\t<div class="form-group">
\t\t<label for="_p_md5_phrase" class="control-label">Phrase:</label>
\t\t<input type="text" name="phrase" id="_p_md5_phrase" class="form-control" size="60" {$value} />
\t</div>
\t<div class="form-group">
EOD;
    // sha1-based schemes are only offered when sha1() exists
    if ($sha1_enabled) {
        $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_sha1" value="x-php-sha1" />
\t\t\t<label for="_p_md5_sha1">PHP sha1() !</label>
\t\t</div>
EOD;
    }
    $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_md5"  value="x-php-md5" />
\t\t\t<label for="_p_md5_md5">PHP md5() !</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_pwdh" value="x-php-password" />
\t\t\t<label for="_p_md5_pwdh">PHP password_hash()</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_crpt" value="x-php-crypt" />
\t\t\t<label for="_p_md5_crpt">PHP crypt() *</label>
\t\t</div>
EOD;
    if ($sha1_enabled) {
        $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lssha" value="SSHA" {$sha1_checked}/>
\t\t\t<label for="_p_md5_lssha">LDAP SSHA (sha-1 with a seed) *!</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lsha" value="SHA" />
\t\t\t<label for="_p_md5_lsha">LDAP SHA (sha-1) !</label>
\t\t</div>
EOD;
    }
    // remaining schemes, the RFC2307 prefix checkbox, the salt field and the
    // legend ("*" = salt enabled, "!" = no longer safe)
    $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lsmd5" value="SMD5" {$md5_checked}/>
\t\t\t<label for="_p_md5_lsmd5">LDAP SMD5 (md5 with a seed) *!</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lmd5" value="MD5" />
\t\t\t<label for="_p_md5_lmd5">LDAP MD5 !</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lcrpt" value="CRYPT" />
\t\t\t<label for="_p_md5_lcrpt">LDAP CRYPT *</label>
\t\t</div>
\t\t<div class="checkbox">
\t\t\t<input type="checkbox" name="prefix" id="_p_md5_prefix" checked="checked" />
\t\t\t<label for="_p_md5_prefix">Add scheme prefix (RFC2307, Using LDAP as NIS)</label>
\t\t</div>
\t</div>
\t<div class="form-group">
\t\t<label for="_p_md5_salt" class="control-label">Salt, '{scheme}', '{scheme}salt', or userPassword itself to specify:</label>
\t\t<input type="text" name="salt" id="_p_md5_salt" size="60" class="form-control" />
\t</div>
\t<div class="form-group">
\t\t<input type="submit" class="btn btn-info" value="Compute" />
\t</div>
\t<p>* = Salt enabled</p>
\t<p>! = No longer safe</p>
</form>
EOD;
    return $form;
}
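 /**
  * Write the page.
  *
  * Order of operations: role check, page-creation check, encode_hint check,
  * normalisation of $str, diff against the stored text, spam gate for writers
  * without the contents-admin role (isSpamPost, DNSBL, URIBL, proxy, Akismet
  * and captcha as switched on in $use_spam_check; S25R is commented out),
  * collision check, diff file, post log, page write (delete when $str is
  * empty), recent list, backup, update log and ping. Every rejection ends the
  * request via Utility::dieMessage().
  *
  * @global array  $use_spam_check which spam checks are enabled
  * @global array  $_string        message table
  * @global array  $vars           request variables (encode_hint, digest, original, name)
  * @global array  $_title         title table
  * @global string $whatsnew       name of the recent-changes page
  * @global string $whatsdeleted   name of the recent-deleted page
  * @param string|array $str           data to write; an array is joined with "\n"
  * @param boolean      $keeptimestamp true keeps the page's timestamp (no ping is sent then)
  * @return array|null array('msg' => ..., 'body' => ...) when an edit collision
  *                    was detected, null otherwise (also in the read-only case)
  */
 public function set($str, $keeptimestamp = false)
 {
     global $use_spam_check, $_string, $vars, $_title, $whatsnew, $whatsdeleted;
     // role check: a read-only role silently writes nothing
     if (Auth::check_role('readonly')) {
         return;
     }
     // page creation is not allowed for this role.
     // Fixed: the message table is $_string (the original read the undefined
     // $_strings), the role named in the message is the one actually checked,
     // and the explicit (message, title, http code) form is used as the other
     // callers do.
     if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
         Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
     }
     // cheap spam check: reject a request whose encode_hint did not survive
     if (isset($vars['encode_hint']) && $vars['encode_hint'] !== PKWK_ENCODING_HINT) {
         Utility::dump();
         Utility::dieMessage($_string['illegal_chars'], '', 403);
     }
     // tolerate an array of lines
     if (is_array($str)) {
         $str = implode("\n", $str);
     }
     // normalise the input (a string from here on)
     $postdata = Rules::make_str_rules($str);
     // previous content, for the diff and the collision view
     $oldpostdata = self::has() ? self::get(TRUE) : '';
     // the Diff object is reused by the URIBL check below
     $diff = new Diff($oldpostdata, $postdata);
     $diffobj = new LineDiff();
     $diffdata = $diffobj->str_compare($oldpostdata, $postdata);
     // Per the original comments, true here means the writer is NOT logged in
     // as contents admin; only those writers go through the spam gate.
     $has_not_permission = Auth::check_role('role_contents_admin');
     if ($has_not_permission) {
         $ip_filter = new IpFilter();
         //if ($ip_filter->isS25R()) Utility::dieMessage('S25R host is denied.');
         if (Utility::isSpamPost()) {
             Utility::dump();
             Utility::dieMessage('Writing was limited. (Blocking SPAM)');
         }
         if (isset($use_spam_check['page_remote_addr']) && $use_spam_check['page_remote_addr'] !== 0) {
             // DNSBL lookup of the client address
             $listed = $ip_filter->checkHost();
             if ($listed !== false) {
                 Utility::dump('dnsbl');
                 Utility::dieMessage(sprintf($_string['prohibit_dnsbl'], $listed), $_title['prohibit'], 400);
             }
         }
         if (isset($use_spam_check['page_contents']) && $use_spam_check['page_contents'] !== 0) {
             // URIBL check on the diff
             $reason = self::checkUriBl($diff);
             if ($reason !== false) {
                 Utility::dump($reason);
                 Utility::dieMessage($_string['prohibit_uribl'], $_title['prohibit'], 400);
             }
         }
         // anonymous proxy (empty() so an absent key is not an error)
         if (!empty($use_spam_check['page_write_proxy']) && ProxyChecker::is_proxy()) {
             Utility::dump('proxy');
             Utility::dieMessage($_string['prohibit_proxy'], $_title['prohibit'], 400);
         }
         // Akismet
         global $akismet_api_key;
         if (isset($use_spam_check['akismet']) && $use_spam_check['akismet'] !== 0 && !empty($akismet_api_key)) {
             $akismet = new Akismet($akismet_api_key, Router::get_script_absuri());
             if ($akismet->verifyKey($akismet_api_key)) {
                 // data submitted to Akismet
                 $akismet_post = array(
                     'user_ip' => REMOTE_ADDR,
                     'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
                     'comment_type' => 'comment',
                     'comment_author' => isset($vars['name']) ? $vars['name'] : 'Anonymous',
                     'comment_content' => $postdata,
                 );
                 // (submitting only the added lines from $diff->getSes() was disabled in the original)
                 if ($akismet->isSpam($akismet_post)) {
                     Utility::dump('akismet');
                     Utility::dieMessage($_string['prohibit_akismet'], $_title['prohibit'], 400);
                 }
             } else {
                 Utility::dieMessage('Akismet API key does not valied.', '', 500);
             }
         }
         // captcha check
         if (isset($use_spam_check['captcha']) && $use_spam_check['captcha'] !== 0) {
             Captcha::check(false);
         }
     }
     // digest of the page as stored right now (0 when it does not exist)
     $old_digest = $this->wiki->has() ? $this->wiki->digest() : 0;
     // Collision: the client sent the digest it started editing from and it
     // differs from the current one, i.e. someone else wrote in between.
     // When the client also sent 'original', the write is abandoned and a
     // merge view with an edit form is returned instead.
     $collided = isset($vars['digest']) && $old_digest !== 0 && $vars['digest'] !== $old_digest;
     if ($collided && isset($vars['original'])) {
         return array(
             'msg' => $_string['title_collided'],
             'body' => $_string['msg_collided'] . Utility::showCollision($oldpostdata, $postdata, $vars['original']) . Utility::editForm($this->page, $postdata, false),
         );
     }
     // store the diff (appending a client-info line was disabled in the original)
     FileFactory::Diff($this->page)->set($diffdata);
     unset($oldpostdata, $diff, $diffdata);
     // Logging postdata (Plus!)
     if (self::POST_LOGGING === TRUE) {
         Utility::dump(self::POST_LOG_FILENAME);
     }
     // empty input means "delete the page".
     // NOTE(review): empty() also treats "0" as empty, so a page whose whole
     // content is "0" would be deleted; $str === '' would be the exact test.
     if (empty($str)) {
         $this->wiki->set('');
         Recent::set($this->page, true);
     } else {
         $this->wiki->set($postdata, $keeptimestamp);
         // update the recent-changes list
         Recent::set($this->page);
     }
     // NOTE(review): with '||' this is true for every page whenever
     // $whatsnew !== $whatsdeleted (a page name cannot equal both), so backup,
     // update log and ping always run. '&&' (skip the two special pages and
     // hidden pages) looks like the intent, but changing it alters what gets
     // backed up — left as-is, confirm.
     if ($this->page !== $whatsnew || $this->page !== $whatsdeleted || !$this->isHidden()) {
         // refresh the backup
         Factory::Backup($this->page)->set();
         // write the update log
         LogFactory::factory('update', $this->page)->set();
         if (!$keeptimestamp && !empty($str)) {
             // send weblogUpdates.ping
             $ping = new Ping($this->page);
             $ping->send();
         }
     }
     // auto-merged collision: the page was written anyway; inform the client
     if ($collided) {
         return array('msg' => $_string['title_collided'], 'body' => $_string['msg_collided_auto']);
     }
 }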
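/**
 * Action handler of the backup plugin.
 *
 * - no 'page': list every page that has backups
 * - 'page' but no usable 'age': list that page's generations
 * - 'page' and 'age': show that generation, processed according to 'action'
 *   (delete / rollback / diff / nowdiff / visualdiff / source / default render)
 *
 * @global array $vars             request variables
 * @global bool  $do_backup        when false the plugin does nothing
 * @global array $_string          message table
 * @global array $_button          (declared by the original; unused here)
 * @global array $_backup_messages plugin messages
 * @return array|mixed array('msg' => title, 'body' => html); the return value of
 *                     plugin_backup_delete() / plugin_backup_rollback() for those
 *                     actions; null when backups are disabled
 */
function plugin_backup_action()
{
    global $vars, $do_backup, $_string, $_button;
    global $_backup_messages;
    if (!$do_backup) {
        return;
    }
    $page = isset($vars['page']) ? $vars['page'] : null;
    $action = isset($vars['action']) ? $vars['action'] : null;
    // 'age' is used as an array index below, so normalise it to an int
    // (is_numeric() also accepts "1.5", "1e2" and leading whitespace).
    $s_age = isset($vars['age']) && is_numeric($vars['age']) ? (int) $vars['age'] : 0;
    // no page: list of all pages that have backups
    if (!$page) {
        return array('msg' => $_backup_messages['title_backuplist'], 'body' => plugin_backup_get_list_all());
    }
    $wiki = Factory::Wiki($page);
    $s_page = Utility::htmlsc($page);
    $backups = Factory::Backup($page)->get();
    $msg = $_backup_messages['msg_backup'];
    // clamp to the newest generation.
    // NOTE(review): $backups is read as $backups[$s_age] with 1 <= $s_age <= count,
    // i.e. it is assumed to be 1-based — confirm against Backup::get().
    if ($s_age > count($backups)) {
        $s_age = count($backups);
    }
    $body = '';
    $wiki->checkReadable();
    if ($s_age <= 0) {
        return array('msg' => $_backup_messages['title_pagebackuplist'], 'body' => plugin_backup_get_list($page));
    }
    $body .= '<div class="panel panel-default">';
    $body .= plugin_backup_get_list($page);
    $body .= '</div>' . "\n";
    if ($action) {
        $data = implode("\n", $backups[$s_age]['data']);
        // ends the request if the stored generation is role-restricted
        Auth::is_role_page($data);
        // default title; the cases below override it
        $title = $_backup_messages['title_backup'];
        switch ($action) {
            case 'delete':
                if (!isset($vars['selectages']) && isset($vars['selectdelete'])) {
                    // "delete selected" submitted with nothing selected: show
                    // the list and do nothing. Fixed: the original had no break
                    // here and fell through into 'rollback'.
                    break;
                }
                if (!isset($vars['selectages'])) {
                    // no generation list given: delete every backup of the page
                    return plugin_backup_delete($page);
                }
                return plugin_backup_delete($page, $vars['selectages']);
            case 'rollback':
                return plugin_backup_rollback($page, $s_age);
            case 'diff':
                // diff against the previous generation
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupdiff'];
                $past_data = $s_age > 1 ? implode("\n", $backups[$s_age - 1]['data']) : '';
                Auth::is_role_page($past_data);
                $body .= plugin_backup_diff($past_data, $data);
                break;
            case 'nowdiff':
                // diff against the current page
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupnowdiff'];
                $now_data = Factory::Wiki($page)->get(true);
                Auth::is_role_page($now_data);
                $body .= plugin_backup_diff($data, $now_data);
                break;
            case 'visualdiff':
                // rendered diff using <ins>/<del> markers
                $now_data = get_source($page, TRUE, TRUE);
                Auth::is_role_page($now_data);
                $diff = new Diff($data, $now_data);
                $source = plugin_backup_visualdiff($diff->getDiff());
                $body .= drop_submit(RendererFactory::factory($source));
                // turn the #del/#ins marker paragraphs into block-level tags ...
                $body = preg_replace('#<p>\\#del(.*?)(</p>)#si', '<del class="remove_block">$1', $body);
                $body = preg_replace('#<p>\\#ins(.*?)(</p>)#si', '<ins class="add_block">$1', $body);
                $body = preg_replace('#<p>\\#delend(.*?)(</p>)#si', '$1</del>', $body);
                $body = preg_replace('#<p>\\#insend(.*?)(</p>)#si', '$1</ins>', $body);
                // ... and the &del;/&ins; entities into inline tags
                // (original note: block-type plugins are not handled here)
                $body = preg_replace('#&amp;del;#i', '<del class="remove_word">', $body);
                $body = preg_replace('#&amp;ins;#i', '<ins class="add_word">', $body);
                $body = preg_replace('#&amp;delend;#i', '</del>', $body);
                $body = preg_replace('#&amp;insend;#i', '</ins>', $body);
                $title = $_backup_messages['title_backupnowdiff'];
                break;
            case 'source':
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupsource'];
                $body .= '<pre class="sh" data-blush="plain">' . Utility::htmlsc($data) . '</pre>' . "\n";
                break;
            default:
                // plain rendering of the stored generation
                if (PLUGIN_BACKUP_DISABLE_BACKUP_RENDERING) {
                    Utility::dieMessage(T_('This feature is prohibited'));
                }
                $body .= drop_submit(RendererFactory::factory($data));
                break;
        }
        $msg = str_replace('$2', $s_age, $title);
    }
    if (!Auth::check_role('readonly')) {
        $body .= '<a class="button" href="' . $wiki->uri('backup', $page, null, array('action' => 'delete')) . '">' . str_replace('$1', $s_page, $_backup_messages['title_backup_delete']) . '</a>';
    }
    return array('msg' => $msg, 'body' => $body);
}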
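 /**
  * Check whether the request's Referer is referer spam.
  *
  * host+path of $this->referer (query string ignored) is matched as a
  * case-insensitive substring against $open_uri_in_new_window_servername and
  * the configured white list (a hit = not spam). Otherwise the black list is
  * walked and rewritten with updated hit counts; a referer listed nowhere is
  * validated with is_not_valid_referer() and appended to the black list when
  * that fails. A spam or banned referer is logged to
  * CACHE_DIR . self::REFERER_SPAM_LOG and the request ends with
  * Utility::dieMessage(..., 500), so the method only returns for a clean
  * referer.
  *
  * @global array $open_uri_in_new_window_servername extra white-list entries
  * @return boolean result for a non-spam referer: false, or whatever
  *                 is_not_valid_referer() returned when it was not strictly true
  */
 private function is_refspam()
 {
     global $open_uri_in_new_window_servername;
     $parse_url = parse_url($this->referer);
     // parse_url() returns false for a badly malformed URL and omits absent
     // parts; fall back to '' rather than raising undefined-index notices.
     if (!is_array($parse_url)) {
         $parse_url = array();
     }
     $host = isset($parse_url['host']) ? $parse_url['host'] : '';
     $path = isset($parse_url['path']) ? $parse_url['path'] : '';
     $is_refspam = true;   // is this referer spam? (assumed until white-listed)
     $hit_bl = false;      // did a black-list entry match?
     $BAN = false;         // tarpit this request?
     // Compare host+path (the path matters for shared hosts like /~user/);
     // the original uses stripos() rather than a regexp for speed.
     $condition = $host . $path;
     // white list first: a hit means no further checks.
     // NOTE(review): stripos() is a plain substring test, so an entry such as
     // "example.org" also matches "example.org.elsewhere.test/..."; an anchored
     // host comparison would be stricter — confirm the intended looseness.
     $WhiteList = new Config(CONFIG_REFERER_WL);
     $WhiteList->read();
     $WhiteListLines = $WhiteList->get('WhiteList');
     foreach (array_merge($open_uri_in_new_window_servername, $WhiteListLines) as $WhiteListLine) {
         if (stripos($condition, $WhiteListLine[0]) !== false) {
             $is_refspam = false;
             break;
         }
     }
     if ($is_refspam !== false) {
         $NewBlackListLine = array();
         // black list rows: |~referer|~count|~ban|h
         $BlackList = new Config(CONFIG_REFERER_BL);
         $BlackList->read();
         $BlackListLines = $BlackList->get('BlackList');
         foreach ($BlackListLines as $BlackListLine) {
             if (stripos($condition, $BlackListLine[0]) !== false) {
                 // seen before: bump the hit counter
                 $BlackListLine[1]++;
                 // Ban when the ban flag is set or the count has reached the
                 // threshold. Fixed: the original compared with '<=', which
                 // tarpitted only the first REFFRER_BAN_COUNT hits — the
                 // opposite of what its comment described.
                 if ($BlackListLine[2] == 1 || $BlackListLine[1] >= self::REFFRER_BAN_COUNT) {
                     $BAN = true;
                     // deliberately slow the response down
                     sleep(2);
                 }
                 $hit_bl = true;
                 $is_refspam = true;
             }
             $NewBlackListLine[] = array($BlackListLine[0], $BlackListLine[1], $BlackListLine[2]);
         }
         if ($hit_bl === false) {
             // not black-listed: does the referring page really link here?
             $is_refspam = $this->is_not_valid_referer();
             if ($is_refspam === true) {
                 // no: remember it as spam (count 1, no ban flag)
                 $NewBlackListLine[] = array($condition, 1, 0);
             }
             // (adding valid referers to the white list is disabled in the original)
         }
         // write the updated black list back
         $BlackList->set('BlackList', $NewBlackListLine);
         $BlackList->write();
         if ($is_refspam === true || $BAN === true) {
             // Log the environment. Fixed: the original referenced the undefined
             // $url and $lines. Referer and user agent are client-controlled,
             // so the record separators are stripped from them.
             $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
             $log = array(
                 UTIME,
                 str_replace(array("\t", "\r", "\n"), ' ', $this->referer),
                 str_replace(array("\t", "\r", "\n"), ' ', $ua),
                 $addr,
             );
             error_log(implode("\t", $log) . "\n", 3, CACHE_DIR . self::REFERER_SPAM_LOG);
             Utility::dieMessage('Spam Protection', 'Spam Protection', 500);
         }
     }
     return $is_refspam;
 }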
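/**
 * Action handler of the hatena plugin: login / logout / callback of the
 * Hatena authentication API.
 *
 * Every branch except the disabled case ends in Utility::redirect() or
 * Utility::dieMessage(); the function only returns when the API is off.
 *
 * @global array $vars     request variables ('login', 'logout', 'cert')
 * @global array $auth_api configuration; $auth_api['hatena']['use'] enables the handler
 * @return string '' when the Hatena API is not enabled
 */
function plugin_hatena_action()
{
    global $vars, $auth_api;
    if (empty($auth_api['hatena']['use'])) {
        return '';
    }
    $obj = new AuthHatena();
    // LOGIN: send the client to Hatena
    if (isset($vars['login'])) {
        Utility::redirect($obj->make_login_link());
    }
    // LOGOUT
    if (isset($vars['logout'])) {
        $obj->unsetSession();
        Utility::redirect();
    }
    // AUTH: callback with the certificate ('cert' may be absent: pass '')
    $cert = isset($vars['cert']) ? $vars['cert'] : '';
    $rc = $obj->auth($cert);
    if (!isset($rc['has_error']) || $rc['has_error'] == 'true') {
        // ERROR. The message is remote data and Utility::dieMessage() renders
        // its argument as HTML (other callers pass tags), so escape it.
        $body = isset($rc['message']) ? Utility::htmlsc($rc['message']) : 'unknown error.';
        Utility::dieMessage($body);
    }
    $obj->setSession();
    Utility::redirect();
}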
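 /**
  * Execute an action-type plugin ("plugin_<name>_action").
  *
  * Ends the request via Utility::dieMessage() when: the plugin declares no
  * action method or the function is missing (501); executePluginInit()
  * returns FALSE; the request's encode_hint is set and differs from
  * PKWK_ENCODING_HINT; or multiple-post protection is on and a supplied
  * postid fails PostId::check().
  *
  * @global array $vars           request variables
  * @global array $_string        message table
  * @global array $use_spam_check spam-check switches
  * @global array $post           (declared by the original; unused here)
  * @param string $name plugin name (the 'cmd' value)
  * @return mixed the plugin's return value; when it is an array, 'body' is
  *               replaced by addHiddenField(body, name), or set to null when
  *               the plugin returned no body
  */
 public static function executePluginAction($name)
 {
     global $vars, $_string, $use_spam_check, $post;
     $plugin = self::getPluginInfo($name);
     $funcname = 'plugin_' . $name . '_action';
     // action not implemented (explicit message, title, http-code form)
     if (!$plugin['method']['action'] || !function_exists($funcname)) {
         Utility::dieMessage('PluginRenderer::executePluginAction(): ' . sprintf($_string['plugin_not_implemented'], Utility::htmlsc($name)), '', 501);
     }
     // plugin initialisation
     if (self::executePluginInit($name) === FALSE) {
         Utility::dieMessage('PluginRenderer::executePluginAction(): ' . sprintf($_string['plugin_init_error'], Utility::htmlsc($name)));
     }
     // input encoding check
     if (!empty($vars['encode_hint']) && PKWK_ENCODING_HINT !== $vars['encode_hint']) {
         Utility::dieMessage('PluginRenderer::executePluginAction(): ' . $_string['plugin_encode_error']);
     }
     // (the ticket/host check was disabled in the original)
     // postid check.
     // NOTE(review): a request that carries no postid at all passes this
     // check; confirm that is the intended behaviour of multiple_post.
     if (isset($use_spam_check['multiple_post']) && $use_spam_check['multiple_post'] === 1 && isset($vars['postid']) && !PostId::check($vars['postid'])) {
         Utility::dieMessage('PluginRenderer::executePluginAction(): ' . $_string['plugin_postid_error']);
     }
     // run the plugin inside its own text domain
     T_textdomain($name);
     $retvar = $funcname();
     T_textdomain(DOMAIN);
     // Some plugins return a plain string (e.g. '' when disabled); writing
     // $retvar['body'] into a string is an error on PHP 7.1+/8, so only
     // normalise array results.
     if (is_array($retvar)) {
         $retvar['body'] = isset($retvar['body']) ? self::addHiddenField($retvar['body'], $name) : null;
     }
     return $retvar;
 }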
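/**
 * Write handler of the guiedit plugin.
 *
 * When $guiedit_use_fck is on, the submitted XHTML in $vars['msg'] is
 * converted to wiki text first. When a section id ('id') is given, the edited
 * part is spliced back into the full source ('original') with
 * plugin_guiedit_parts(); if that fails the edited text is appended instead.
 * The write itself is delegated to plugin_edit_write() of the edit plugin.
 *
 * @global array $vars            request variables ('page', 'msg', 'original', 'id')
 * @global bool  $guiedit_use_fck run the XHTML -> wiki conversion
 * @return mixed whatever plugin_edit_write() returns; dies when 'page' is missing
 */
function plugin_guiedit_write()
{
    global $vars;
    global $guiedit_use_fck;
    if (!isset($vars['page'])) {
        Utility::dieMessage('Pagename is missing!');
    }
    // missing fields default to '' instead of raising undefined-index notices
    $msg = isset($vars['msg']) ? $vars['msg'] : '';
    if ($guiedit_use_fck) {
        $msg = Xhtml2WikiFactory::factory($msg);
        $vars['msg'] = $msg;
    }
    if (!empty($vars['id'])) {
        $original = isset($vars['original']) ? $vars['original'] : '';
        // split into lines, each keeping its own "\n"
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        // NOTE(review): plugin_guiedit_parts() is expected to update $source in
        // place (by reference) on success — its definition is not visible here.
        if (plugin_guiedit_parts($vars['id'], $source, $msg) !== FALSE) {
            $vars['msg'] = implode("\n", $source);
        } else {
            // section not found: append the edited text after the original
            $vars['msg'] = rtrim($original) . "\n\n" . $msg;
        }
    }
    // hand over to the edit plugin for the actual write
    exist_plugin('edit');
    return plugin_edit_write();
}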
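 /**
  * Delete the attachment, or one of its backup generations.
  *
  * A frozen attachment is never deleted. Unless the caller holds the
  * contents-admin role or logs in with $pass, a generation delete (or any
  * delete when DELETE_ADMIN_ONLY is set) is refused, and otherwise the
  * attachment password is required when PASSWORD_REQUIRE is set. Deleting the
  * live file renames it to the next free ".N" generation rather than
  * unlinking it; the status record, the page timestamp and (optionally) a
  * mail notification are updated afterwards.
  *
  * @global bool   $notify         send a notification mail after deletion
  * @global string $notify_subject subject of that mail
  * @param string $pass password supplied by the client
  * @return bool|mixed true on success; false when frozen or when the file
  *                    operation failed; attach_info('err_adminpass' | 'err_password')
  *                    when refused
  */
 public function delete($pass)
 {
     global $notify, $notify_subject;
     if ($this->status['freeze']) {
         // frozen: refuse without further checks
         return false;
     }
     // TODO
     if (Auth::check_role('role_contents_admin') && !Auth::login($pass)) {
         if (self::DELETE_ADMIN_ONLY || $this->age) {
             return attach_info('err_adminpass');
         }
         // NOTE(review): the stored password is an unsalted md5 compared with a
         // plain !==; the storage format is decided elsewhere, so only flagged.
         if (self::PASSWORD_REQUIRE && md5($pass) !== $this->status['pass']) {
             return attach_info('err_password');
         }
     }
     // NOTE(review): assumes $this->age is an int (0 = live file); a string
     // "0" would take the generation branch.
     if ($this->age !== 0) {
         // a specific generation: remove that file
         $age = $this->age;
         if (!unlink($this->basename . '.' . $age)) {
             return false;
         }
     } else {
         // live file: find the next unused generation number ...
         do {
             $age = ++$this->status['age'];
         } while (file_exists($this->basename . '.' . $age));
         // ... and move the file there. Fixed: the original tested and renamed
         // with $this->age (always 0 in this branch), so the loop could not
         // advance and the file was renamed to ".0" every time.
         if (!rename($this->basename, $this->basename . '.' . $age)) {
             return false;
         }
     }
     // move the download counter of the live file to the new generation
     $this->status['count'][$age] = $this->status['count'][0];
     $this->status['count'][0] = 0;
     $this->updateStatus();
     // bump the page timestamp
     $wiki = Factory::Wiki($this->page);
     if ($wiki->has()) {
         $wiki->touch();
     }
     if ($notify) {
         $footer = array(
             'ACTION' => 'File deleted',
             'FILENAME' => $this->file,
             'PAGE' => $this->page,
             'URI' => get_page_absuri($this->page),
             'USER_AGENT' => TRUE,
             'REMOTE_ADDR' => TRUE,
         );
         pkwk_mail_notify($notify_subject, "\n", $footer) or Utility::dieMessage('pkwk_mail_notify(): Failed');
     }
     return true;
 }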
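 /**
  * Windows XP SP2 / Vista SP1: obtain the DNS server address from "ipconfig /all".
  *
  * Runs the command, takes the last "DNS ... : <ipv4>" line of its output and
  * returns the address. Ends the request via Utility::dieMessage() when
  * nothing matched, e.g. when exec() is unavailable or the output has another
  * format or language.
  *
  * @return string dotted IPv4 address of the (last listed) DNS server
  */
 function getDNSServer()
 {
     // initialised so a disabled exec() leaves a sane empty result
     $ipconfig = array();
     $nameserver = '';
     // the command line is a fixed string (no client input reaches the shell);
     // '@' only hides the warning exec() emits when it is disabled
     @exec('ipconfig /all', $ipconfig);
     // matches e.g. "   DNS Servers . . . : 192.0.2.1" (constructed sample);
     // the last match wins and only IPv4 digits and dots are accepted
     foreach ((array) $ipconfig as $line) {
         if (preg_match('/\\s*DNS .+:\\s+([\\d\\.]+)$/', $line, $nameservers)) {
             $nameserver = $nameservers[1];
         }
     }
     if (empty($nameserver)) {
         Utility::dieMessage('Can not lookup your DNS server');
     }
     return $nameserver;
 }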
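 /**
  * Read the log file.
  *
  * Each line is split into fields by line2field() using the field names of
  * this log kind; the records are returned in rsort() order, which the
  * original describes as newest first.
  *
  * @param bool $join   accepted for signature compatibility; not used here
  * @param bool $legacy accepted for signature compatibility; not used here
  * @return array|false list of field arrays, or false when the log file does not
  *                     exist; ends the request when the file is not readable
  */
 public function get($join = false, $legacy = false)
 {
     if (!$this->isFile()) {
         return false;
     }
     if (!$this->isReadable()) {
         Utility::dieMessage(sprintf('LogFile.php : File <var>%s</var> is not readable.', Utility::htmlsc($this->filename)));
     }
     $name = self::get_log_field($this->kind);
     $file = $this->openFile('r');
     // shared lock while reading
     $file->flock(LOCK_SH);
     $file->rewind();
     $result = array();
     while (!$file->eof()) {
         $line = $file->fgets();
         // eof() only becomes true after a read has hit the end, so the last
         // fgets() of a file ending in "\n" yields '' — skip it rather than
         // producing an empty record.
         if ($line === '' || $line === false) {
             continue;
         }
         $result[] = self::line2field($line, $name);
     }
     $file->flock(LOCK_UN);
     // release the file object
     unset($file);
     // reverse order (newest first, per the original comment)
     rsort($result);
     return $result;
 }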
 /**
  * Get the absolute URL of the script.
  *
  * Resolution order: the cached value; $script_abs; $script (each only when
  * Utility::isUri(..., true) accepts it); otherwise the URL is assembled from
  * the request (scheme by is_ssl(), HTTP_HOST, SERVER_PORT, SCRIPT_NAME or the
  * path of REQUEST_URI). When $script_directory_index is set and ends the
  * URL, it is cut off. Several failure paths end in Utility::dieMessage().
  *
  * NOTE(review): the assembled form trusts $_SERVER['HTTP_HOST'], i.e. the
  * client's Host header. Callers that hand this URL to third parties (an
  * Akismet client on this page does) are better served by setting $script or
  * $script_abs explicitly, as the failure message itself recommends.
  *
  * @global string $script_abs             configured absolute script URL
  * @global string $script_directory_index directory index file name to strip
  * @global string $script                 configured script URL
  * @return string
  */
 public static function get_script_absuri()
 {
     global $script_abs, $script_directory_index;
     global $script;
     static $uri;
     // Get: computed once, then cached for the request
     if (isset($uri)) {
         return $uri;
     }
     // configured values win, but only when they look like absolute URIs
     if (isset($script_abs) && Utility::isUri($script_abs, true)) {
         $uri = $script_abs;
         return $uri;
     } else {
         if (isset($script) && Utility::isUri($script, true)) {
             $uri = $script;
             return $uri;
         }
     }
     // Set automatically
     $msg = 'get_script_absuri() failed: Please set [$script or $script_abs] at INI_FILE manually';
     $uri = (self::is_ssl() ? 'https://' : '//') . $_SERVER['HTTP_HOST'];
     // (original note: a scheme-relative '//' would do here as well, cf. RFC 3986)
     // NOTE(review): this looks for ':' in the whole $uri, so with 'https://'
     // the scheme's colon is found and no port is ever appended; only the
     // scheme-relative form gets one. The original comment reads "when ':' is
     // contained", the opposite of the === FALSE test — confirm intent.
     if (strpos($uri, ':') === FALSE) {
         // append the port unless it is 80 (original note: 443 is not
         // necessarily SSL, so it is not treated as a default either)
         $uri .= $_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT'];
     }
     // SCRIPT_NAME not starting with '/' (e.g. CGI): try REQUEST_URI instead
     $path = SCRIPT_NAME;
     if ($path[0] !== '/') {
         if (!isset($_SERVER['REQUEST_URI']) || $_SERVER['REQUEST_URI'][0] != '/') {
             Utility::dieMessage($msg);
         }
         // parse REQUEST_URI and keep only its path part
         $parse_url = parse_url($uri . $_SERVER['REQUEST_URI']);
         if (!isset($parse_url['path']) || $parse_url['path'][0] != '/') {
             Utility::dieMessage($msg);
         }
         $path = $parse_url['path'];
     }
     $uri .= $path;
     if (!is_url($uri, true) && php_sapi_name() == 'cgi') {
         Utility::dieMessage($msg);
     }
     unset($msg);
     // Cut filename or not
     if (isset($script_directory_index)) {
         if (!file_exists($script_directory_index)) {
             Utility::dieMessage('Directory index file not found: ' . Utility::htmlsc($script_directory_index));
         }
         $matches = array();
         // strip a trailing "/<directory index>" so the URL ends with the directory
         if (preg_match('#^(.+/)' . preg_quote($script_directory_index, '#') . '$#', $uri, $matches)) {
             $uri = $matches[1];
         }
     }
     return $uri;
 }
/**
 * func.php
 *
 * Legacy wrapper kept for old callers; forwards to Utility::dieMessage().
 *
 * @param string $msg         message body
 * @param string $error_title title shown with the message
 * @param int    $http_code   HTTP status code to respond with
 * @return mixed whatever Utility::dieMessage() returns
 */
function die_message($msg, $error_title = '', $http_code = 500)
{
    $result = Utility::dieMessage($msg, $error_title, $http_code);
    return $result;
}
/**
 * Action handler of the attachref plugin: upload a file to the referring page
 * and insert a reference to it.
 *
 * With a file in $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME] and a 'refer' page, the
 * attachment name is made unique, the upload is delegated to attach_upload()
 * and the reference inserted by attachref_insert_ref(); the request then
 * redirects to the page. Without them the upload form is returned.
 *
 * @global array $vars                request variables ('refer', 'pass')
 * @global array $_attachref_messages plugin messages
 * @return array array('msg' => ..., 'body' => ...): the form, or the result of
 *               attachref_insert_ref() / attach_upload() (normally not reached
 *               because of the redirect)
 */
function plugin_attachref_action()
{
    global $vars;
    global $_attachref_messages;
    $retval['msg'] = $_attachref_messages['msg_title'];
    $retval['body'] = '';
    $refer = isset($vars['refer']) ? $vars['refer'] : false;
    if (isset($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]) && $refer !== false) {
        $wiki = Factory::Wiki($refer);
        if (!$wiki->isValied()) {
            Utility::dieMessage('#attachref : invalied page.');
        }
        // only the first file of the field is used
        $file = $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME];
        $attachname = $file['name'][0];
        // name with everything from the first dot removed; base for the "_N" suffixes
        $filename = preg_replace('/\\..+$/', '', $attachname, 1);
        // If exist file, add a name '_0', '_1', ...
        // NOTE(review): relies on PHP's alphanumeric string increment ('_0'++
        // gives '_1'); confirm it carries as intended beyond '_9'.
        $count = '_0';
        while (file_exists(UPLOAD_DIR . encode($refer) . '_' . encode($attachname))) {
            $attachname = preg_replace('/^[^\\.]+/', $filename . $count++, $attachname);
        }
        // NOTE(review): $file is a copy of the $_FILES entry, so the renamed
        // entry reaches attachref_get_attach_filename() but not necessarily
        // attach_upload(), which is called with $refer and $pass only —
        // confirm the upload is stored under the unique name.
        $file['name'][0] = $attachname;
        $attach_filename = attachref_get_attach_filename($file);
        // NOTE(review): unsalted md5 of the upload password; the stored format
        // is decided by attach_upload(), so only flagged here.
        $pass = isset($vars['pass']) ? md5($vars['pass']) : NULL;
        $retval = attach_upload($refer, $pass);
        if ($retval['result'] == TRUE) {
            $retval = attachref_insert_ref($attach_filename);
        }
        Utility::redirect($wiki->uri());
    } else {
        $retval = attachref_showform();
    }
    return $retval;
}
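/**
 * Action handler of the jugemkey plugin: login / logout / user-info / callback
 * of the JugemKey authentication API.
 *
 * @global array $vars          request variables ('login', 'logout', 'userinfo', 'token', 'frob')
 * @global array $auth_api      $auth_api['jugemkey']['use'] enables the handler
 * @global array $_jugemkey_msg plugin messages
 * @return array|string array('msg', 'body') for the user-info view; '' when the
 *                      API is disabled; every other branch redirects or dies
 */
function plugin_jugemkey_action()
{
    global $vars, $auth_api, $_jugemkey_msg;
    if (empty($auth_api['jugemkey']['use'])) {
        return '';
    }
    // LOGIN: send the client to JugemKey
    if (isset($vars['login'])) {
        Utility::redirect(plugin_jugemkey_jump_url());
        die;
    }
    $obj = new AuthJugem();
    // LOGOUT
    if (isset($vars['logout'])) {
        $obj->unsetSession();
        Utility::redirect();
    }
    // user info for a token ('token' may be absent: pass '')
    if (isset($vars['userinfo'])) {
        $token = isset($vars['token']) ? $vars['token'] : '';
        $rc = $obj->get_userinfo($token);
        if ($rc['rc'] != 200) {
            // the error text is remote data; Utility::dieMessage() renders HTML, so escape it
            $msg = empty($rc['error']) ? '' : ' (' . Utility::htmlsc($rc['error']) . ')';
            Utility::dieMessage('JugemKey: RC=' . $rc['rc'] . $msg);
        }
        // the title (user name) comes from the remote API and is written into HTML: escape it
        $title = isset($rc['title']) ? Utility::htmlsc($rc['title']) : '';
        $body = '<h3>' . $_jugemkey_msg['msg_userinfo'] . '</h3>' . '<strong>' . $_jugemkey_msg['msg_user_name'] . ': ' . $title . '</strong>';
        return array('msg' => 'JugemKey', 'body' => $body);
    }
    // AUTH: callback with the frob ('frob' may be absent: pass '')
    $frob = isset($vars['frob']) ? $vars['frob'] : '';
    $rc = $obj->auth($frob);
    if ($rc['rc'] != 200) {
        $msg = empty($rc['error']) ? '' : ' (' . Utility::htmlsc($rc['error']) . ')';
        Utility::dieMessage('JugemKey: ' . $rc['rc'] . $msg);
    }
    $obj->setSession();
    Utility::redirect();
    die;
}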
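// Run the action command of a plugin.
// 'cmd' is client input: default to '' when absent and refuse a non-string
// (e.g. cmd[]=x) so strtolower() is never handed an array.
$cmd = isset($vars['cmd']) && is_string($vars['cmd']) ? strtolower($vars['cmd']) : '';
$is_protect = Auth::is_protect();
if ($is_protect) {
    $plugin_arg = '';
    if (Auth::is_protect_plugin_action($cmd)) {
        PluginRenderer::executePluginAction($cmd);
        // plugins that do not leave via a Location redirect get here
        $plugin_arg = $cmd;
    }
    PluginRenderer::executePluginBlock('protect', $plugin_arg);
}
if (!empty($cmd)) {
    if (!PluginRenderer::hasPluginMethod($cmd, 'action')) {
        // the plugin defines no action (explicit message, title, http-code form)
        Utility::dieMessage(sprintf($_string['plugin_not_implemented'], Utility::htmlsc($cmd)), '', 501);
    } else {
        // run the plugin's action
        // return value: array('title', 'body', 'http_code');
        $retvars = PluginRenderer::executePluginAction($cmd);
    }
}
if ($is_protect) {
    // handled after the action plugin so that plugins which redirect via
    // Location have already done so
    PluginRenderer::executePluginBlock('protect');
    die('<var>PLUS_PROTECT_MODE</var> is set.');
}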
///////////////////////////////////////
// Page output
$auth_key = Auth::get_user_info();