/**
 * "pcomment" plugin action: post a comment to the referring page.
 *
 * Rejects read-only callers, ignores empty messages, runs the spam filter,
 * inserts the comment and finally redirects back to the page (and reply anchor).
 *
 * @global array $vars    request variables ('msg', 'refer', 'reply')
 * @global array $_string message table
 * @return array 'msg'/'body' pair when nothing is posted or on collision;
 *               otherwise the request ends in a redirect
 */
function plugin_pcomment_action()
{
    global $vars, $_string;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'));
    }

    // An absent or empty message is a no-op (empty() covers the isset() case).
    if (empty($vars['msg'])) {
        return array();
    }

    // Spam: record the request and render nothing.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => '');
    }

    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    // Posting to a page that does not exist yet counts as page creation.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'));
    }

    $result = plugin_pcomment_insert();
    if ($result['collided']) {
        $vars['page'] = $refer;
        return $result;
    }

    $anchor = '';
    if (isset($vars['reply'])) {
        // The reply id is escaped before it becomes part of the fragment.
        $anchor = '#pcmt' . Utility::htmlsc($vars['reply']);
    }
    Utility::redirect(get_page_location_uri($refer) . $anchor);
}
/**
 * "newpage" plugin action: show the new-page form, or redirect to the editor
 * for the requested page name.
 *
 * @global array $vars              request variables ('page', 'refer')
 * @global array $_string           message table
 * @global array $_newpage_messages plugin message table
 * @return array 'msg'/'body' pair when no page name was given;
 *               otherwise the request ends in a redirect
 */
function plugin_newpage_action()
{
    global $vars, $_string, $_newpage_messages;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }

    // No page name yet: render the form.
    if (!isset($vars['page'])) {
        return array(
            'msg'  => $_newpage_messages['title'],
            'body' => plugin_newpage_convert(),
        );
    }

    $page = Utility::stripNullBytes($vars['page']);
    $target = $page;
    $query = '';
    if (isset($vars['refer'])) {
        // Resolve a relative name against the referring page.
        $target = Utility::getPageName($page, $vars['refer']);
        // NOTE(review): $vars['refer'] is appended without URL-encoding;
        // confirm that get_page_location_uri() escapes its query argument.
        $query = 'refer=' . $vars['refer'];
    }
    Utility::redirect(get_page_location_uri($target, $query));
    exit;
}
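/**
 * "showrss" plugin action.
 *
 * With a 'feed' parameter (Ajax path) the feed is fetched and returned as
 * XML and the request ends; otherwise a small diagnostic table of the
 * required PHP extensions is rendered.
 *
 * @global array $vars  request variables ('feed')
 * @global mixed $cache unused here; kept for the original global list
 * @return array 'msg'/'body' pair for the diagnostic page
 */
function plugin_showrss_action()
{
    global $vars, $cache;

    // if (PKWK_SAFE_MODE) die_message('PKWK_SAFE_MODE prohibit this');
    if (Auth::check_role('safemode')) {
        Utility::dieMessage('PKWK_SAFE_MODE prohibits this');
    }

    // Ajax fetch of one feed. !empty() keeps the original truthiness test but
    // no longer raises an undefined-index notice when 'feed' is absent.
    if (!empty($vars['feed'])) {
        list($data, $time, $reason) = plugin_showrss_get_rss($vars['feed'], 1, true);
        // Fix: the MIME type was misspelled as 'aplication/xml'.
        $header = Header::getHeaders('application/xml', $time);
        if (empty($reason)) {
            Header::writeResponse($header, Response::STATUS_CODE_200, $data);
        } else {
            // Report the error in an XML envelope for now (still status 200).
            Header::writeResponse(
                $header,
                Response::STATUS_CODE_200,
                '<?xml version="1.0" encoding="UTF-8"?><response><error>1</error><message>'
                . Utility::htmlsc($reason) . '</message></response>'
            );
        }
        exit;
    }

    // Diagnostic table: which of the required extensions are loaded.
    $body = '';
    foreach (array('xml', 'mbstring') as $extension) {
        // Plain local instead of the original variable-variable ${$extension}.
        $status = extension_loaded($extension) ? '&color(green){Found};' : '&color(red){Not found};';
        $body .= '| ' . $extension . ' extension | ' . $status . ' |' . "\n";
    }
    return array('msg' => 'showrss_info', 'body' => convert_html($body));
}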
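/**
 * "comment" plugin action: write a comment to the referring page.
 *
 * @global array $vars              request variables ('refer')
 * @global array $post              POST variables (unused here)
 * @global array $_comment_messages plugin message table
 * @return mixed whatever plugin_comment_write() returns
 */
function plugin_comment_action()
{
    global $vars, $post, $_comment_messages;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    // Consistent with the branch below: Utility::dieMessage instead of die_message.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_READONLY'));
    }
    // Guard the index: a request without 'refer' previously raised a notice.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    // Commenting on a page that does not exist counts as page creation.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_CREATE_PAGE'));
    }
    return plugin_comment_write();
}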
/**
 * "add" plugin action: open the editor in append mode for a page.
 *
 * @global array $get     GET variables
 * @global array $post    POST variables
 * @global array $vars    request variables ('page')
 * @global array $_string message table
 * @return array 'msg'/'body' pair holding the edit form
 */
function plugin_add_action()
{
    global $get, $post, $vars, $_string;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['prohibit']);
    }

    $page = isset($vars['page']) ? $vars['page'] : '';
    Factory::Wiki($page)->checkEditable();

    // Flag "append" mode in every request array the editor may consult.
    $get['add'] = TRUE;
    $post['add'] = TRUE;
    $vars['add'] = TRUE;

    $notice = '<ul>' . "\n"
        . ' <li>' . T_('Two and the contents of an input are added for a new-line to the contents of a page of present addition.') . '</li>' . "\n"
        . '</ul>' . "\n";

    return array(
        'msg'  => _("Add to \$1"),
        'body' => $notice . edit_form($page, ''),
    );
}
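/**
 * Write the diff and, when notifications are enabled, mail it out.
 *
 * @global boolean $notify           send a notification mail at all
 * @global boolean $notify_diff_only mail only the changed (+/-) lines
 * @global string  $notify_subject   mail subject
 * @param string  $diffdata      diff text to store and notify
 * @param boolean $keeptimestamp accepted for signature compatibility; not
 *                               forwarded to parent::set() (unchanged behaviour)
 * @return void
 */
public function set($diffdata = '', $keeptimestamp = false)
{
    global $notify, $notify_diff_only, $notify_subject;

    if ($notify) {
        // Keep only added/removed lines when asked to.
        $str = $notify_diff_only ? preg_replace('/^[^-+].*\\n/m', '', $diffdata) : $diffdata;

        // Fix: the original referenced an undefined local $page, so PAGE was
        // empty and the URI ended in a bare '?'. The page name is held in
        // $this->page (the commented-out Wiki lookup used it) — TODO confirm.
        $page = $this->page;
        $summary = array(
            'ACTION'      => 'Page update',
            'PAGE'        => &$page,
            'URI'         => Router::get_script_uri() . '?' . rawurlencode($page),
            'USER_AGENT'  => TRUE,
            'REMOTE_ADDR' => TRUE,
        );
        Mailer::notify($notify_subject, $str, $summary) or Utility::dieMessage('Mailer::notify(): Failed');
    }
    parent::set($diffdata);
}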
/**
 * "links" plugin action: rebuild the page-relation cache.
 *
 * With execute=true the rebuild runs; contents admins run it directly,
 * anybody else has to supply the admin password. Otherwise (or on a failed
 * login) the usage text and the form are rendered.
 *
 * @global array $post            POST variables ('adminpass')
 * @global array $vars            request variables ('execute')
 * @global mixed $foot_explain    unused here; kept for the original global list
 * @global array $_links_messages plugin message table
 * @global array $_string         message table
 * @return array 'msg'/'body' pair
 */
function plugin_links_action()
{
    global $post, $vars, $foot_explain;
    global $_links_messages, $_string;
    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }
    $msg = $_links_messages['title_update'];
    $admin_pass = empty($post['adminpass']) ? null : $post['adminpass'];
    if (isset($vars['execute']) && $vars['execute'] === 'true') {
        // Auth::check_role('role_contents_admin') presumably reports the
        // *restricted* state (elsewhere check_role('readonly') gates with
        // dieMessage), so admins pass straight through and everyone else
        // must authenticate with the admin password.
        // NOTE(review): the POST carries no CSRF token; for a logged-in admin
        // the role check is the only guard — confirm that is intended.
        if (!Auth::check_role('role_contents_admin') || Auth::login($admin_pass)) {
            // $force = (isset($post['force']) && $post['force'] === 'on') ? true : false;
            $links = new Relational('');
            $links->init();
            return array('msg' => $msg, 'body' => $_links_messages['msg_done']);
        } else {
            $msg = $_links_messages['msg_error'];
        }
    }
    $body = RendererFactory::factory(sprintf($_links_messages['msg_usage1']));
    $script = Router::get_script_uri();
    if (Auth::check_role('role_contents_admin')) {
        $body .= RendererFactory::factory(sprintf($_links_messages['msg_usage2']));
    }
    $body .= <<<EOD
<form method="post" action="{$script}" class="form-inline plugin-links-form">
\t<input type="hidden" name="cmd" value="links" />
\t<input type="hidden" name="execute" value="true" />
EOD;
    // Password field only for callers who are not already contents admins.
    if (Auth::check_role('role_contents_admin')) {
        $body .= <<<EOD
\t<div class="form-group">
\t\t<label for="_p_links_adminpass" class="sr-only">{$_links_messages['msg_adminpass']}</label>
\t\t<input type="password" name="adminpass" id="_p_links_adminpass" class="form-control" size="20" value="" placeholder="{$_links_messages['msg_adminpass']}" />
\t</div>
EOD;
    }
    // The "force" checkbox is kept as an HTML comment (feature disabled).
    $body .= <<<EOD
\t<!--div class="checkbox">
\t\t<input type="checkbox" name="force" id="_c_force" />
\t\t<label for="_c_force">{$_links_messages['btn_force']}</label>
\t</div-->
\t<input type="submit" class="btn btn-primary" value="{$_links_messages['btn_submit']}" />
</form>
EOD;
    return array('msg' => $msg, 'body' => $body);
}
/**
 * "source" plugin action: show the raw wiki source of a page.
 *
 * @global array $vars request variables ('page'); 'refer' is set to the page
 * @return array 'msg'/'body' pair; a not-found message when the page is
 *               invalid or unreadable
 */
function plugin_source_action()
{
    global $vars; //, $_source_messages;

    // if (PKWK_SAFE_MODE) die_message('PKWK_SAFE_MODE prohibits this');
    if (Auth::check_role('safemode')) {
        Utility::dieMessage('PKWK_SAFE_MODE prohibits this');
    }

    $page = isset($vars['page']) ? $vars['page'] : '';
    $vars['refer'] = $page;

    $wiki = Factory::Wiki($page);
    // Same short-circuit as the original: readability is only asked of a valid page.
    $viewable = $wiki->isValied() && $wiki->isReadable();
    if (!$viewable) {
        return array(
            'msg'  => T_(' $1 was not found.'),
            'body' => T_('cannot display the page source.'),
        );
    }

    $source = $wiki->get(true);
    Auth::is_role_page($source);
    // Source is HTML-escaped before being embedded in the <pre>.
    return array(
        'msg'  => T_('Source of $1'),
        'body' => '<pre class="sh sunlight-highlight-plain">' . Utility::htmlsc($source) . '</pre>',
    );
}
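/**
 * Submit a post to Akismet and abort the request when it is classified as spam.
 *
 * @global string $akismet_api_key
 * @global array  $vars            request variables ('name' is the comment author)
 * @global array  $use_spam_check  spam-check configuration ('akismet' => 2 means "send the whole post")
 * @global array  $_title          page-title table ('prohibit')
 * @param string $postdata the full text being written
 * @return void
 */
public static function check($postdata)
{
    // Fix: $vars, $use_spam_check and $_title were read without a global
    // declaration, so they were always null inside this method.
    global $akismet_api_key, $vars, $use_spam_check, $_title;

    $akismet = new ZendService\Akismet($akismet_api_key, Router::get_script_absuri());
    if ($akismet->verifyKey($akismet_api_key)) {
        // Data sent to Akismet.
        $akismet_post = array(
            'user_ip'        => Utility::getRemoteIp(),
            'user_agent'     => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
            'comment_type'   => 'comment',
            'comment_author' => isset($vars['name']) ? $vars['name'] : self::DEFAULT_USER_NAME,
        );
        // Mode 2 sends the whole post. The original "diff only" branch read an
        // undefined $addedata, so Akismet received nothing to classify; until
        // the added-lines diff is passed in, the full post is sent in both
        // modes so the check stays effective. TODO: wire in the added lines.
        if (isset($use_spam_check['akismet']) && $use_spam_check['akismet'] === 2) {
            $akismet_post['comment_content'] = $postdata;
        } else {
            $akismet_post['comment_content'] = $postdata;
        }
        if ($akismet->isSpam($akismet_post)) {
            Utility::dieMessage('Writing was limited by Akismet (Blocking SPAM).', $_title['prohibit'], 400);
        }
    } else {
        Utility::dieMessage('Akismet API key does not valied.', 500);
    }
}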
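/**
 * POST action via inline plugin.
 *
 * Applies one vote to the matching inline vote line of the referring page,
 * detects edit collisions and redirects back to the vote anchor.
 *
 * @global array  $vars        request variables ('refer', 'pcmd', 'vote_id', 'choice_id', 'digest')
 * @global string $defaultpage fallback page when 'refer' is absent
 * @global array  $_string     message table
 * @return array 'msg'/'body' pair on error or collision; otherwise the
 *               request ends in a redirect
 */
function action_inline()
{
    global $vars, $defaultpage, $_string;

    // Consistent with the rest of the method: Utility::dieMessage, not die_message.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage('PKWK_READONLY prohibits editing');
    }

    $page = isset($vars['refer']) ? $vars['refer'] : $defaultpage;
    // Missing request fields default to null instead of raising notices.
    $pcmd = isset($vars['pcmd']) ? $vars['pcmd'] : null;
    $vote_id = isset($vars['vote_id']) ? $vars['vote_id'] : null;
    $choice_id = isset($vars['choice_id']) ? $vars['choice_id'] : null;
    $vars['page'] = $page;

    $wiki = Factory::Wiki($page);
    if ($this->is_continuous_vote($page, $pcmd, $vote_id)) {
        return array('msg' => T_('Error in vote'), 'body' => T_('Continuation vote cannot be performed.'));
    }

    // parse contents of wiki page and get update
    $lines = $wiki->get();
    list($linenum, $newline, $newtext, $newvotes) = $this->get_update_inline($lines, $vote_id, $choice_id);
    if ($linenum === false) {
        Utility::dieMessage(T_('There was no matching vote. '));
    }
    $newlines = $lines;
    $newlines[$linenum] = $newline;
    $newcontents = implode('', $newlines);

    // collision check: the stored digest must match the one the form carried
    $digest = isset($vars['digest']) ? $vars['digest'] : null;
    if ($wiki->digest() !== $digest) {
        return array(
            'msg'  => $_string['title_collided'],
            'body' => $this->show_preview_form($_string['msg_collided'], $newline),
        );
    }

    $wiki->set($newcontents, TRUE); // notimestamp
    $this->update_recent_voted($page, $pcmd, $vote_id, $choice_id, $newvotes);

    // Redirect instead of returning a body (returning an empty msg/body
    // interacted badly with static state in convert(), per the original note).
    $anchor = $this->get_anchor($pcmd, $vote_id);
    Utility::redirect($wiki->uri() . '#' . $anchor);
    exit;
}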
/**
 * Complete an OpenID round-trip: verify the provider response, store the
 * identity in the session and send the browser back to the original page.
 *
 * @global array $vars        request variables (unused here)
 * @global array $_openid_msg plugin message table
 * @param Auth_OpenID_Consumer $consumer consumer used to start the request
 * @return void
 */
function plugin_openid_finish_auth($consumer)
{
    global $vars, $_openid_msg;

    $obj_verify = new AuthOpenIdVerify();
    $session_verify = $obj_verify->getSession();
    //$session_verify['server_url']
    //$session_verify['local_id']
    $page = empty($session_verify['page']) ? '' : rawurldecode($session_verify['page']);
    $author = empty($session_verify['author']) ? '' : rawurldecode($session_verify['author']);
    $obj_verify->unsetSession();

    $return_to = get_page_location_uri($page);
    $response = $consumer->complete($return_to);

    switch ($response->status) {
        case Auth_OpenID_CANCEL:
            Utility::dieMessage($_openid_msg['err_cancel']);
        case Auth_OpenID_FAILURE:
            Utility::dieMessage($_openid_msg['err_failure'] . $response->message);
        case Auth_OpenID_SUCCESS:
            $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
            $sreg = $sreg_resp->contents();
            // $sreg['email'], $sreg['nickname'], $sreg['fullname']
            if (!isset($sreg['nickname'])) {
                if (PLUGIN_OPENID_NO_NICKNAME) {
                    $sreg['nickname'] = 'anonymouse';
                } else {
                    Utility::dieMessage($_openid_msg['err_nickname']);
                }
            }
            $endpoint = $response->endpoint;
            $local_id = empty($endpoint->local_id) ? $endpoint->claimed_id : $endpoint->local_id;

            $obj = new AuthOpenId();
            $obj->response = $sreg;
            // Pass the remaining items (author, identity) along to the session.
            $obj->response['author'] = $author;
            $obj->response['local_id'] = $local_id;
            $obj->response['identity_url'] = $response->getDisplayIdentifier();
            $obj->setSession();
            break;
    }

    // Back to the original page.
    // NOTE(review): no exit follows this header(); confirm the caller stops
    // rendering after the redirect.
    header('Location: ' . get_page_location_uri($page));
}
/**
 * Render the attachment page: upload form (when editable) plus the file list,
 * or the tab navigation when called via Ajax.
 *
 * @global array $vars             request variables ('page'); 'refer' is set to the page
 * @global array $_attach_messages plugin message table
 * @global array $_string          message table
 * @return array 'msg'/'body' pair
 */
function attach_showform()
{
    global $vars, $_attach_messages, $_string;

    if (Auth::check_role('safemode')) {
        die_message($_string['prohibit']);
    }
    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        Utility::dieMessage('Page name is not defined');
    }
    $isEditable = Factory::Wiki($page)->isEditable();
    $vars['refer'] = $page;

    $html = array();
    if (!IS_AJAX) {
        $attach_list = attach_list($page);
        $listAllUri = Router::get_cmd_uri('attach', null, null, array('pcmd' => 'list'));
        $html[] = '<p><small>[<a href="' . $listAllUri . '">' . $_attach_messages['msg_listall'] . '</a>]</small></p>';
        if ($isEditable) {
            $html[] = '<h2>' . str_replace('$1', $page, $_attach_messages['msg_upload']) . '</h2>' . "\n";
            $html[] = attach_form($page);
        }
        $html[] = '<h2>' . str_replace('$1', $page, $_attach_messages['msg_listpage']) . '</h2>' . "\n";
        $html[] = $attach_list['body'];
    } else {
        // Ajax: only the tab strip; the panels are fetched separately.
        $thisPage = $_attach_messages['msg_thispage'];
        $html[] = '<div class="tabs" role="application">';
        $html[] = '<ul role="tablist">';
        if ($isEditable) {
            $formUri = Router::get_cmd_uri('attach', null, null, array('pcmd' => 'form', 'refer' => $page));
            $html[] = '<li role="tab"><a href="' . $formUri . '">' . str_replace('$1', $thisPage, $_attach_messages['msg_upload']) . '</a></li>';
        }
        $listUri = Router::get_cmd_uri('attach', null, null, array('pcmd' => 'list', 'refer' => $page));
        $html[] = '<li role="tab"><a href="' . $listUri . '">' . str_replace('$1', $thisPage, $_attach_messages['msg_listpage']) . '</a></li>';
        $html[] = '</ul>';
        $html[] = '</div>';
    }

    return array('msg' => $_attach_messages['msg_upload'], 'body' => implode("\n", $html));
}
/**
 * "edit" plugin action: dispatch preview/write/cancel, or render the editor
 * pre-filled with the page source (or an auto template for a new page).
 *
 * @global array   $vars               request variables ('page', 'realview', 'preview', 'template', 'write', 'cancel', 'id')
 * @global boolean $load_template_func allow 'template' to pre-fill a new page
 * @global array   $_string            message table
 * @global array   $_edit_msg          edit-plugin message table
 * @return array 'msg'/'body' pair
 */
function plugin_edit_action()
{
    // global $vars, $_title_edit, $load_template_func;
    global $vars, $load_template_func, $_string, $_edit_msg;
    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        return array('msg' => $_edit_msg['msg_edit'], 'body' => $_edit_msg['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);
    // NOTE(review): the message key reads as "empty page" although this is the
    // not-editable case, and 403 is passed where other calls pass a title — confirm.
    if (!$wiki->isEditable(true)) {
        Utility::dieMessage($_string['err_empty_page'], 403);
    }
    // if (PKWK_READONLY) die_message( sprintf($_string['error_prohibit'], 'PKWK_READONLY') );
    // NOTE(review): error_prohibit is a format string elsewhere (sprintf with
    // the constant name); here it is emitted raw — confirm.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit'], 403);
    }
    // Read-only for authenticated users: reject roles above ROLE_AUTH.
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), 403);
    }
    if (isset($vars['realview'])) {
        return plugin_edit_realview();
    }
    // Editing a page that does not exist yet counts as page creation.
    if (!$wiki->has() && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), 403);
    }
    if (preg_match($wiki::INVALIED_PAGENAME_PATTERN, $page)) {
        Utility::dieMessage($_string['illegal_chars']);
    }
    // Sub-actions: preview (also template loading), write, cancel.
    if (isset($vars['preview']) || $load_template_func && isset($vars['template'])) {
        return plugin_edit_preview();
    } else {
        if (isset($vars['write'])) {
            return plugin_edit_write();
        } else {
            if (isset($vars['cancel'])) {
                return plugin_edit_cancel();
            }
        }
    }
    // Plain editor: load the source (the unmodified copy is kept in 'original').
    $postdata = $vars['original'] = $wiki->get(true);
    Auth::is_role_page($postdata);
    if (isset($vars['id']) && !empty($vars['id'])) {
        // Partial edit of one section.
        $source = $wiki->get();
        $postdata = plugin_edit_parts($vars['id'], $source);
        if ($postdata === FALSE) {
            unset($vars['id']); // pretend it never happened :)
            $postdata = $vars['original'];
        }
    }
    if (empty($postdata)) {
        // Check Page name length
        // http://pukiwiki.sourceforge.jp/dev/?PukiWiki%2F1.4%2F%A4%C1%A4%E7%A4%C3%A4%C8%CA%D8%CD%F8%A4%CB%2F%C4%B9%A4%B9%A4%AE%A4%EB%A5%DA%A1%BC%A5%B8%CC%BE%A4%CE%A5%DA%A1%BC%A5%B8%A4%CE%BF%B7%B5%AC%BA%EE%C0%AE%A4%F2%CD%DE%BB%DF
        $filename_max_length = 250;
        $filename = Utility::encode($page) . '.txt';
        // Byte length on purpose: this is a filesystem limit.
        $filename_length = strlen($filename);
        if ($filename_length > $filename_max_length) {
            // Filename too long
            // NOTE(review): $filename is emitted unescaped; Utility::encode()
            // output is presumably plain ASCII — confirm.
            return array('msg' => $_edit_msg['title_edit'], 'body' => join("\n", array('<p class="alert alert-warning"><span class="fa fa-exclamation-triangle"></span>' . $_edit_msg['err_long'], '</p>', '<dl class="dl-horizontal">', '<dt>Page name</dt>', '<dd>' . Utility::htmlsc($page) . '</dd>', '<dt>Filename</dt>', '<dd>' . $filename . '</dd>', '<dt>Filename length</dt>', '<dd>' . $filename_length . '</dd>', '<dt>Filename limit</dt>', '<dd>' . $filename_max_length . '</dd>', '</dl>')));
        } else {
            $postdata = $wiki->auto_template();
        }
    }
    return array('msg' => sprintf($_edit_msg['title_edit'], $page), 'body' => Utility::editForm($page, $postdata));
}
/**
 * "table_edit2" plugin action: edit one table of a page in place.
 *
 * Handles the edit modes carried in $vars['edit_mod'] (row/cell edit, show,
 * settings), CSV import/export/cancel, table modifications, then rewrites the
 * page source or renders the requested view.
 *
 * @global array $vars       request variables ('table_num', 'refer', 'edit_mod', csv_*, line_count, table_sub_num, digest, ...)
 * @global array $post       POST variables ('encode_hint', 'page')
 * @global array $auth_users user table for the optional auth_check option
 * @global array $_string    message table
 * @return array|void 'msg'/'body' pair for views, errors and collisions;
 *                    nothing (bare return) when the referer check fails or
 *                    basic auth is missing; otherwise the request ends in a redirect
 */
function plugin_table_edit2_action()
{
    global $vars, $post, $auth_users, $_string;
    $table_num = $vars['table_num'];
    $page = isset($vars['refer']) ? $vars['refer'] : null;
    if (empty($page)) {
        Utility::dieMessage('Page name is null.');
    }
    $wiki = Factory::Wiki($page);
    if (is_freeze($page)) {
        check_editable($page, true, true);
    }
    if ($wiki->isFreezed()) {
        $wiki->checkEditable(true);
    }
    // Cancel
    $anchr_jump = PLUGIN_TABLE_EDIT2_ANCHR_JUMP ? '#TableEdit2TableNumber' . $table_num : '';
    if (isset($vars['cancel'])) {
        Utility::redirect($wiki->uri() . $anchr_jump);
        exit;
    }
    $line_count = 1;
    $table_sub_num = 1; //td
    $table_sub_num_chk = 1; //td
    $setting = 0;
    $import = $export = $csv_cancel = 0;
    // Edit-mode flags derived from 'edit_mod' (0/1 ints, used as booleans below).
    $edit_mod = isset($vars['edit_mod']) ? $vars['edit_mod'] : '';
    $td_edit = $edit_mod == 't_edit_td' || $edit_mod == 'td' ? 1 : 0;
    $tr_edit = $edit_mod == 't_edit' || $edit_mod == 'tr' ? 1 : 0;
    $t_edit = $edit_mod == 't_edit_td' || $edit_mod == 't_edit' ? 1 : 0;
    $edit_show = $edit_mod == 'tdshow' || $edit_mod == 'show' ? 1 : 0;
    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (!function_exists('honeypot_write') && $t_edit) {
        $spam = plugin_table_edit2_spam($post['encode_hint']);
    }
    if ($spam) {
        return plugin_table_edit2_honeypot();
    }
    if (Auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits editing');
    }
    // Referer gate. NOTE(review): $script_uri is not declared global here, so
    // it is null in this function (the pattern degenerates to '/^()/', which
    // matches anything) — confirm. The Referer header is client-supplied, so
    // this is at most a weak cross-site guard, not an authorisation check.
    if (PLUGIN_TABLE_EDIT2_HTTP_REFERER) {
        if (!function_exists('path_check')) {
            if (!preg_match('/^(' . $script_uri . ')/', $_SERVER['HTTP_REFERER'])) {
                return;
            }
        } else {
            if (!path_check($script_uri, $_SERVER['HTTP_REFERER'])) {
                return;
            }
        }
    }
    if ($edit_mod === 'setting') {
        $set = new TableEdit2SettingWrite($vars);
        if (!$set->sc) {
            return $set->error;
        }
        $setting = 1;
        unset($vars['table_mod']);
    }
    $notimestamp = FALSE;
    // CSV sub-actions: import, export, cancel (export/import), set option, back.
    if (isset($vars['csv_mod']) || isset($vars['ex_cancel']) || isset($vars['im_cancel']) || isset($vars['set_csv']) || isset($vars['csv_back'])) {
        $csv = new TableEdit2CsvAction();
        if (isset($vars['csv_mod']) && $vars['csv_mod'] === 'import') {
            $csv->csv_import($vars);
            $import = 1;
        } else {
            if (isset($vars['csv_mod']) && $vars['csv_mod'] === 'export') {
                $export = 1;
                $csv_export_data = array();
            } else {
                if (isset($vars['ex_cancel']) || isset($vars['im_cancel'])) {
                    $csv_cancel = 1;
                    $notimestamp = TRUE;
                } else {
                    if (isset($vars['set_csv'])) {
                        $set_csv = 1;
                        $notimestamp = TRUE;
                    } else {
                        if (isset($vars['csv_back'])) {
                            // NOTE(review): the CSV file name comes from the
                            // request ('file_name'); TableEdit2CsvConversion is
                            // presumably responsible for confining it to the
                            // page's directory — confirm before relying on unlink().
                            if (PLUGIN_TABLE_EDIT2_CSV_UNLINK) {
                                $con = new TableEdit2CsvConversion($page, array('name' => $vars['file_name']));
                                unlink($con->filename);
                                unlink($con->logname);
                            }
                            Utility::redirect($wiki->uri());
                            exit;
                        } else {
                            return array('msg' => 'csv error', 'body' => 'csv option error'); // . join("\n", $csv_data)
                        }
                    }
                }
            }
        }
    }
    if (isset($vars['table_mod'])) {
        $chg = new TableEdit2TableMod($vars['table_mod']);
    }
    if ($td_edit || $tr_edit) {
        $edit = new TableEdit2Edit($vars);
    }
    if ($edit_show) {
        $show = new TableEdit2Show($vars, $page);
    }
    $args = get_source($page);
    static $count = 0;
    $source_s = '';
    $body = '';
    $row_title = 0;
    $td_title_count = 0;
    if ($td_edit || $tr_edit || $setting || $import) {
        $notimestamp = isset($vars['notimestamp']) ? TRUE : FALSE;
    }
    // Walk the page line by line; $count numbers the #table_edit2 blocks so
    // only block $table_num is touched, $table_find marks "inside that block".
    foreach ($wiki->get() as $args_key => $args_line) {
        if (preg_match('/^#([^\\(\\{]+)(?:\\(([^\\r]*)\\))?(\\{*)/', $args_line, $matches) !== FALSE) {
            if (isset($matches[1]) && ($matches[1] == 'table_edit2' || $matches[1] == "table_edit2\n")) {
                $table_find = 1;
                $count++;
                if ($line_count === 1 && $count == $table_num) {
                    // auth_check=on: fall back to basic auth when the password check fails.
                    if (preg_match('/auth_check[=_](on|off)/i', $matches[2], $auth_check)) {
                        if ($auth_check[1] == 'on') {
                            if (!auth::auth_pw($auth_users)) {
                                $user = TableEdit2Auth::basic_auth();
                                if (empty($user)) {
                                    return;
                                }
                            }
                        }
                    } else {
                        check_editable($page, true, true);
                    }
                    if ($setting) {
                        $args_line = $set->plugin_set_opt($matches[3]);
                    }
                    if ($import) {
                        $args_line = $csv->import_data_set($matches[2], $matches[3]);
                    }
                    if (isset($vars['ex_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'export');
                    }
                    if (isset($vars['im_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'import');
                    }
                    if (isset($set_csv)) {
                        $args_line = $csv->set_csv_opt($matches[2], $matches[3], $vars['set_csv']);
                    }
                    if ($edit_mod == 'tdshow') { //tdshow - td_title - 06.11.11
                        if (preg_match('/title_c=(\\d+)/i', $matches[2], $match_title)) {
                            $td_title_count = $match_title[1] - 1;
                        }
                    }
                    if ($edit_mod == 'show') { //show header
                        if (preg_match('/title_r=(\\d+)/i', $matches[2], $m_row_title)) {
                            $row_title = $m_row_title[1];
                        }
                    }
                    if ($edit_show) {
                        $show->text_type($matches[2]);
                    }
                    if (isset($vars['table_mod'])) { //table_mod
                        $notimestamp = TRUE;
                        $args_line = $chg->table_mod_chg($matches, $args_line);
                    }
                }
                // Number of opening braces decides how the block is closed.
                $end_line = strlen($matches[3]);
            }
        }
        if (isset($end_line) && preg_match('/^\\}{' . $end_line . '}/', $args_line) || !isset($end_line)) {
            $table_find = 0;
        }
        if ($table_find && $table_num == $count && !isset($vars['table_mod']) && !$setting && !$import) {
            $table_sub_num_count_chk = 0;
            // 1 = pipe table row, 2 = CSV row, 0 = neither.
            $table_f_chose = preg_match('/^\\|(.+)\\|([hHfFcC]?)$/', $args_line, $match_line) ? 1 : 0;
            if ($args_line[0] == ',' && $args_line != ',') {
                $table_f_chose = 2;
            }
            if ($td_edit || $tr_edit) {
                $edit->chose = $table_f_chose;
            }
            if ($table_f_chose) {
                if ($table_f_chose === 1) {
                    $match_t = explode("|", $match_line[1]);
                } elseif ($table_f_chose === 2) {
                    $match_t = csv_explode(',', substr(str_replace("\n", '', $args_line), 1));
                    $match_line = array(1 => join(',', $match_t), 2 => '');
                }
                if ($export) {
                    $csv_export_data[] = $match_line[1];
                }
                if (isset($vars['table_sub_num']) && $table_sub_num === $vars['table_sub_num'] && $table_sub_num_chk) { //td 06.09.18
                    $show->chk_table_sub_first_line = $line_count;
                    $table_sub_num_chk = 0;
                }
                if (isset($vars['line_count']) && $vars['line_count'] === $line_count || strtolower($match_line[2]) === 'h' || $edit_mod == 'tdshow' || $td_edit || $row_title) {
                    // $match_t = explode("|", $match_line[1]);
                    if ($edit_mod == 'tdshow') { //tdshow - td_title - 06.11.11
                        $show->td_title[$line_count] = $match_t[$td_title_count];
                    }
                }
                if ($edit_mod == 'show') { //show header
                    if ($match_line[2] == 'h' && !$row_title) {
                        $show->table_header($match_t);
                    }
                    if ($line_count == $row_title) {
                        $show->table_header($match_t);
                    }
                }
                if ($vars['line_count'] == $line_count || $table_sub_num == $vars['table_sub_num']) { // textarea 06.11.12
                    if ($edit_show) {
                        if ($show->t_type == 'textarea') {
                            $show->text_type_textarea(count($match_t));
                        }
                    }
                }
                if ($td_edit && $table_sub_num_chk == 0 && $table_sub_num == $vars['table_sub_num']) {
                    $source_s .= $edit->td_edit($match_t) . $match_line[2] . "\n";
                    $table_sub_num_count_chk = 1;
                } else {
                    if (isset($vars['line_count']) && $vars['line_count'] == $line_count && !$td_edit) {
                        if ($tr_edit) { //t_edit tr_add
                            if (isset($vars['add_show']) && $vars['add_show'] === 1) {
                                $source_s .= $args_line;
                                if ($edit->chose !== 2) {
                                    $edit->chk_csv_source($args, $args_key);
                                }
                            }
                            $source_s .= $edit->tr_edit($args_line, $match_t, $match_line[2]);
                        } else {
                            if ($edit_show) { //show or tdshow
                                $show->line_count = $line_count;
                                $body = $show->show_mod($match_t);
                            }
                        }
                    } else {
                        if ($edit_mod == 'tdshow') { //tdshow and edit_td
                            $show->cells[$line_count] = $match_t;
                        }
                        $table_sub_num_count_chk = 1; //td06.09.18
                        $source_s .= $args_line;
                    }
                }
                $line_count++;
            } else {
                if ($table_sub_num_count_chk == 1 && substr($args_line, 0, 2) != '//') { //td
                    $table_sub_num++;
                    $table_sub_num_count_chk = 0;
                }
                $source_s .= $args_line;
            }
        } else {
            $source_s .= $args_line . "\n";
        }
    }
    if ($export) {
        return $csv->csv_export($vars, $csv_export_data);
    }
    // Collision check for row/cell edits: the form's digest must match the page.
    $collision = 0;
    if ($tr_edit || $td_edit) {
        if (Factory::Wiki($vars['refer'])->digest() !== $vars['digest']) {
            global $_string, $_title;
            $title = $_title['collided'];
            $body = $_string['msg_collided_auto'] . make_pagelink($vars['refer']);
            $collision = 1;
        }
    }
    // NOTE(review): on a collision the rewritten source is still saved below
    // and only the message differs — confirm that is intended.
    if ($tr_edit || $td_edit || isset($vars['table_mod']) || $setting || $import || $csv_cancel || isset($set_csv)) {
        $source = explode("\n", $source_s);
        array_pop($source); // the trailing newline leaves an extra empty element; drop it
        // var_dump($source); // die;
        // NOTE(review): $source (with the popped element) is unused; the page
        // is written from a fresh explode() of $source_s — confirm.
        $wiki->set(explode("\n", $source_s), $notimestamp);
    }
    // NOTE(review): $get is not declared global here, so only a local is written.
    $get['page'] = $post['page'] = $vars['page'] = $page;
    if ($collision) {
        return array('msg' => $title, 'body' => $body);
    }
    if ($edit_show) {
        return array('msg' => $show->title, 'body' => $body);
    }
    //header('Location: ' . $script_uri . '?' . rawurlencode($page) . $anchr_jump);
    Utility::redirect($wiki->uri() . $anchr_jump);
    exit;
}
/**
 * Password check for the configured authentication method.
 *
 * Basic: the user name is taken from the web server's auth variables; a user
 * absent from $auth_users is accepted as-is (the server or OS already
 * authenticated them), a known user must pass hash_verify(). Digest: the
 * response is recomputed and compared. NTLM: decoded from the request.
 *
 * @global int   $auth_type  one of self::AUTH_BASIC / AUTH_DIGEST / AUTH_NTLM
 * @global array $auth_users user => array(password hash, ...)
 * @return string|null|false user name on success; null when no usable
 *                           credentials or the password does not match;
 *                           false when the Digest header is missing or invalid
 * @throws Exception for an unknown $auth_type
 */
public static function check_auth_pw()
{
    global $auth_type, $auth_users;
    $login = '';
    switch ($auth_type) {
        case self::AUTH_BASIC: // BASIC auth
            foreach (array('PHP_AUTH_USER', 'AUTH_USER', 'REMOTE_USER', 'LOGON_USER') as $x) {
                if (isset($_SERVER[$x]) && !empty($_SERVER[$x])) {
                    // Digest on the server side: take the name verbatim.
                    if (!empty($_SERVER['AUTH_TYPE']) && $_SERVER['AUTH_TYPE'] == 'Digest') {
                        $user = $_SERVER[$x];
                        break;
                    }
                    // Domain authentication: strip the domain part.
                    // NOTE(review): count($ms) === 3 expects two separators;
                    // a plain DOMAIN\USER gives 2 parts and falls through — confirm.
                    $ms = explode('\\', $_SERVER[$x]);
                    if (count($ms) === 3) {
                        $user = $ms[2]; // DOMAIN\\USERID
                        break;
                    }
                    // Otherwise this variable's value is final.
                    $user = $_SERVER[$x];
                    break;
                }
            }
            if (empty($user)) {
                return null;
            }
            // Unknown user: treated as authenticated by the server / OS
            // (workgroup-style); no password check is possible here.
            if (!isset($auth_users[$user])) {
                return $user;
            }
            // Known user: verify the password.
            $pass = '';
            foreach (array('PHP_AUTH_PW', 'AUTH_PASSWORD', 'HTTP_AUTHORIZATION') as $pw) {
                //if (! empty($_SERVER[$pw])) return $_SERVER[$x];
                if (isset($_SERVER[$pw]) && !empty($_SERVER[$pw])) {
                    $pass = $_SERVER[$pw];
                    break;
                }
            }
            if (empty($pass) || empty($auth_users[$user][0])) {
                return null;
            } // an empty password never matches
            $login = self::hash_verify($pass, $auth_users[$user][0]) ? $user : null;
            break;
        case self::AUTH_DIGEST: // Digest auth
            $data = self::http_digest_parse();
            if ($data === false) {
                return false;
            }
            list($scheme, $salt, $role) = self::get_data($data['username'], $auth_users);
            if ($scheme !== '{x-digest-md5}') {
                Utility::dieMessage('Auth::check_auth_pw(): Digest auth must be password scheme to <var>{x-digest-md5}</var>.');
            }
            // $A1 = $salt;
            // NOTE(review): $realm is undefined in this method, and
            // $auth_users[$data['username']] is the whole entry (index [0] is
            // the hash above), so this A1 is unlikely to match a real client
            // response — confirm what the stored {x-digest-md5} value is.
            $A1 = md5($data['username'] . ':' . $realm . ':' . $auth_users[$data['username']]);
            $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
            $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
            // NOTE(review): string comparison here is not constant-time;
            // hash_equals($valid_response, $data['response']) is the usual form.
            if ($data['response'] !== $valid_response) {
                unset($_SERVER['PHP_AUTH_DIGEST']);
                return false;
            }
            $login = $data['username'];
            break;
        case self::AUTH_NTLM: // NTLM auth
            $srv_soft = defined('SERVER_SOFTWARE') ? SERVER_SOFTWARE : $_SERVER['SERVER_SOFTWARE'];
            if (substr($srv_soft, 0, 9) !== 'Microsoft') {
                Utility::dieMessage('Auth::check_auth_pw() : Your server does not supported to NTLM authenticate.');
            }
            list(, $login, , ) = self::ntlm_decode();
            break;
        default:
            throw new Exception('Auth::check_auth_pw() : The authentication method does not supported.');
            break; // unreachable after throw
    }
    return $login;
}
/**
 * Render the "md5" password-hash helper form.
 *
 * @param boolean $nophrase show the "NO PHRASE" hint (a previous submit carried no phrase)
 * @param string  $value    phrase to pre-fill; rejected above Auth::PASSPHRASE_LIMIT_LENGTH
 * @return string HTML form
 */
function plugin_md5_show_form($nophrase = FALSE, $value = '')
{
    // if (PKWK_SAFE_MODE || PKWK_READONLY) die_message(T_('Prohibited'));
    if (Auth::check_role('safemode') || Auth::check_role('readonly')) {
        Utility::dieMessage(T_('Prohibited'));
    }
    // Byte length is intended here: it bounds the size of the echoed input.
    if (strlen($value) > Auth::PASSPHRASE_LIMIT_LENGTH) {
        Utility::dieMessage(T_('Limit: malicious message length'));
    }
    // Escaped before it is interpolated into the value="" attribute below.
    if (!empty($value)) {
        $value = 'value="' . Utility::htmlsc($value) . '" ';
    }
    // Default selection: SSHA when sha1() is available, otherwise SMD5.
    $sha1_enabled = function_exists('sha1');
    $sha1_checked = $md5_checked = '';
    if ($sha1_enabled) {
        $sha1_checked = 'checked="checked" ';
    } else {
        $md5_checked = 'checked="checked" ';
    }
    $form = '<p class="alert alert-danger">' . T_("NOTICE: Don't use this feature via untrustful or unsure network") . '</p>' . "\n" . '<hr />' . "\n";
    if ($nophrase) {
        $form .= '<strong>' . T_("NO PHRASE") . '</strong><br />';
    }
    $script = get_script_uri();
    // The form submits with method="get", so the phrase travels in the URL
    // (browser history, server logs) — hence the notice above.
    $form .= <<<EOD
<form action="{$script}" method="get" class="plugin-md5-form">
\t<input type="hidden" name="cmd" value="md5" />
\t<div class="form-group">
\t\t<label for="_p_md5_phrase" class="control-label">Phrase:</label>
\t\t<input type="text" name="phrase" id="_p_md5_phrase" class="form-control" size="60" {$value} />
\t</div>
\t<div class="form-group">
EOD;
    if ($sha1_enabled) {
        $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_sha1" value="x-php-sha1" />
\t\t\t<label for="_p_md5_sha1">PHP sha1() !</label>
\t\t</div>
EOD;
    }
    // Legend: "*" = salt enabled, "!" = no longer safe (see the footer lines).
    $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_md5" value="x-php-md5" />
\t\t\t<label for="_p_md5_md5">PHP md5() !</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_pwdh" value="x-php-password" />
\t\t\t<label for="_p_md5_pwdh">PHP password_hash()</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_crpt" value="x-php-crypt" />
\t\t\t<label for="_p_md5_crpt">PHP crypt() *</label>
\t\t</div>
EOD;
    if ($sha1_enabled) {
        $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lssha" value="SSHA" {$sha1_checked}/>
\t\t\t<label for="_p_md5_lssha">LDAP SSHA (sha-1 with a seed) *!</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lsha" value="SHA" />
\t\t\t<label for="_p_md5_lsha">LDAP SHA (sha-1) !</label>
\t\t</div>
EOD;
    }
    $form .= <<<EOD
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lsmd5" value="SMD5" {$md5_checked}/>
\t\t\t<label for="_p_md5_lsmd5">LDAP SMD5 (md5 with a seed) *!</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lmd5" value="MD5" />
\t\t\t<label for="_p_md5_lmd5">LDAP MD5 !</label>
\t\t</div>
\t\t<div class="radio">
\t\t\t<input type="radio" name="scheme" id="_p_md5_lcrpt" value="CRYPT" />
\t\t\t<label for="_p_md5_lcrpt">LDAP CRYPT *</label>
\t\t</div>
\t\t<div class="checkbox">
\t\t\t<input type="checkbox" name="prefix" id="_p_md5_prefix" checked="checked" />
\t\t\t<label for="_p_md5_prefix">Add scheme prefix (RFC2307, Using LDAP as NIS)</label>
\t\t</div>
\t</div>
\t<div class="form-group">
\t\t<label for="_p_md5_salt" class="control-label">Salt, '{scheme}', '{scheme}salt', or userPassword itself to specify:</label>
\t\t<input type="text" name="salt" id="_p_md5_salt" size="60" class="form-control" />
\t</div>
\t<div class="form-group">
\t\t<input type="submit" class="btn btn-info" value="Compute" />
\t</div>
\t<p>* = Salt enabled</p>
\t<p>! = No longer safe</p>
</form>
EOD;
    return $form;
}
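/**
 * Write the page.
 *
 * Runs the permission and spam gates, builds the diff against the stored
 * text, detects edit collisions, then persists the page together with its
 * diff, backup, update log and "recent" entries. An empty $str deletes the page.
 *
 * @global array  $use_spam_check spam-check configuration
 * @global array  $_string        message table
 * @global array  $vars           request variables ('encode_hint', 'name', 'digest', 'original')
 * @global array  $_title         page-title table ('prohibit', ...)
 * @global string $whatsnew       name of the RecentChanges page
 * @global string $whatsdeleted   name of the RecentDeleted page
 * @param string|array $str           text to write (an array is joined with "\n")
 * @param boolean      $keeptimestamp keep the old timestamp when true
 * @return array|void 'msg'/'body' pair on collision; nothing otherwise
 */
public function set($str, $keeptimestamp = false)
{
    global $use_spam_check, $_string, $vars, $_title, $whatsnew, $whatsdeleted;

    // Role check: read-only users silently do nothing.
    if (Auth::check_role('readonly')) {
        return;
    }
    // Fix: the messages in this method were read from an undeclared $_strings
    // (always null); the declared global is $_string.
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), 403);
    }
    // Cheap spam check: a form submitted with a broken encoding hint stops here.
    if (isset($vars['encode_hint']) && $vars['encode_hint'] !== PKWK_ENCODING_HINT) {
        Utility::dump();
        Utility::dieMessage($_string['illegal_chars'], 403);
    }
    // Tolerate an array of lines.
    if (is_array($str)) {
        $str = join("\n", $str);
    }
    // Normalise the input (string).
    $postdata = Rules::make_str_rules($str);
    // Previous content, if any.
    $oldpostdata = self::has() ? self::get(TRUE) : '';
    // Diff (also fed to the URI blacklist check).
    $diff = new Diff($oldpostdata, $postdata);
    $diffobj = new LineDiff();
    $diffdata = $diffobj->str_compare($oldpostdata, $postdata);

    // Presumably true when the caller is NOT a contents admin (check_role()
    // reports the restricted state elsewhere), i.e. the untrusted path.
    $has_not_permission = Auth::check_role('role_contents_admin');
    if ($has_not_permission) {
        $ip_filter = new IpFilter();
        //if ($ip_filter->isS25R()) Utility::dieMessage('S25R host is denied.');
        // Simple spam check
        if (Utility::isSpamPost()) {
            Utility::dump();
            Utility::dieMessage('Writing was limited. (Blocking SPAM)');
        }
        if (isset($use_spam_check['page_remote_addr']) && $use_spam_check['page_remote_addr'] !== 0) {
            // DNSBL check
            $listed = $ip_filter->checkHost();
            if ($listed !== false) {
                Utility::dump('dnsbl');
                Utility::dieMessage(sprintf($_string['prohibit_dnsbl'], $listed), $_title['prohibit'], 400);
            }
        }
        if (isset($use_spam_check['page_contents']) && $use_spam_check['page_contents'] !== 0) {
            // URIBL check
            $reason = self::checkUriBl($diff);
            if ($reason !== false) {
                Utility::dump($reason);
                Utility::dieMessage($_string['prohibit_uribl'], $_title['prohibit'], 400);
            }
        }
        // Anonymous proxy (!empty keeps the truthiness test, without a notice when the key is absent)
        if (!empty($use_spam_check['page_write_proxy']) && ProxyChecker::is_proxy()) {
            Utility::dump('proxy');
            Utility::dieMessage($_string['prohibit_proxy'], $_title['prohibit'], 400);
        }
        // Akismet
        global $akismet_api_key;
        if (isset($use_spam_check['akismet']) && $use_spam_check['akismet'] !== 0 && !empty($akismet_api_key)) {
            $akismet = new Akismet($akismet_api_key, Router::get_script_absuri());
            if ($akismet->verifyKey($akismet_api_key)) {
                // Data sent to Akismet: the whole post.
                // TODO: mode 1 was meant to send only the added lines of $diff.
                $akismet_post = array(
                    'user_ip'         => REMOTE_ADDR,
                    'user_agent'      => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
                    'comment_type'    => 'comment',
                    'comment_author'  => isset($vars['name']) ? $vars['name'] : 'Anonymous',
                    'comment_content' => $postdata,
                );
                if ($akismet->isSpam($akismet_post)) {
                    Utility::dump('akismet');
                    Utility::dieMessage($_string['prohibit_akismet'], $_title['prohibit'], 400);
                }
            } else {
                Utility::dieMessage('Akismet API key does not valied.', 500);
            }
        }
        // captcha check
        if (isset($use_spam_check['captcha']) && $use_spam_check['captcha'] !== 0) {
            Captcha::check(false);
        }
    }

    // Digest of the page as stored right now (0 when it does not exist).
    $old_digest = $this->wiki->has() ? $this->wiki->digest() : 0;
    // Collision: the form carried a digest that differs from the current one,
    // so somebody else saved while this edit was in progress.
    $collided = isset($vars['digest']) && $old_digest !== 0 && $vars['digest'] !== $old_digest;
    if ($collided && isset($vars['original'])) {
        // The original text was sent too: abort the write and show the merge screen.
        return array(
            'msg'  => $_string['title_collided'],
            'body' => $_string['msg_collided'] . Utility::showCollision($oldpostdata, $postdata, $vars['original']) . Utility::editForm($this->page, $postdata, false),
        );
    }

    // add client info to diff
    // $diffdata[] = '// IP:"'. REMOTE_ADDR . '" TIME:"' . UTIME . '" REFERER:"' . $referer . '" USER_AGENT:"' . $user_agent. "\n";
    FileFactory::Diff($this->page)->set($diffdata);
    unset($oldpostdata, $diff, $diffdata);

    // Logging postdata (Plus!)
    if (self::POST_LOGGING === TRUE) {
        Utility::dump(self::POST_LOG_FILENAME);
    }

    if (empty($str)) {
        // Empty input means delete.
        $this->wiki->set('');
        Recent::set($this->page, true);
    } else {
        // Save and bump the "recent" entry.
        $this->wiki->set($postdata, $keeptimestamp);
        Recent::set($this->page);
    }

    // NOTE(review): with '||' this condition is always true (a page cannot
    // equal both $whatsnew and $whatsdeleted); '&&' looks intended. Left as
    // is because changing it would skip backups for those pages — confirm.
    if ($this->page !== $whatsnew || $this->page !== $whatsdeleted || !$this->isHidden()) {
        // Backup and update log
        Factory::Backup($this->page)->set();
        LogFactory::factory('update', $this->page)->set();
        if (!$keeptimestamp && !empty($str)) {
            // weblogUpdates.ping
            $ping = new Ping($this->page);
            $ping->send();
        }
    }

    // Simple collision report (no original text was sent).
    if ($collided) {
        return array('msg' => $_string['title_collided'], 'body' => $_string['msg_collided_auto']);
    }
}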
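/**
 * Action entry point of the backup plugin.
 *
 * Request parameters read from $vars: 'page' (target page), 'age' (backup
 * generation; the 'diff' case treats it as 1-based), 'action' (delete /
 * rollback / diff / nowdiff / visualdiff / source / default render) and the
 * 'selectages' / 'selectdelete' form fields used by 'delete'.
 *
 * @return array|null array('msg' => title, 'body' => html); null when
 *                    backups are disabled ($do_backup is false)
 */
function plugin_backup_action()
{
    global $vars, $do_backup, $_string;
    global $_backup_messages;

    if (!$do_backup) {
        return;
    }

    $page   = isset($vars['page']) ? $vars['page'] : null;
    $action = isset($vars['action']) ? $vars['action'] : null;
    // Cast to int: is_numeric() also accepts '1.5' or '1e1', which would
    // otherwise be used verbatim as the $backups index below.
    $s_age  = isset($vars['age']) && is_numeric($vars['age']) ? (int) $vars['age'] : 0;

    // No page given: list the backups of every page.
    if (!$page) {
        return array(
            'msg'  => $_backup_messages['title_backuplist'],
            'body' => plugin_backup_get_list_all(),
        );
    }

    $wiki    = Factory::Wiki($page);
    $s_page  = Utility::htmlsc($page);
    $backups = Factory::Backup($page)->get();
    $msg     = $_backup_messages['msg_backup'];
    if ($s_age > count($backups)) {
        $s_age = count($backups);
    }
    $body = '';

    // Read permission on the page is required for everything below.
    $wiki->checkReadable();

    if ($s_age <= 0) {
        return array(
            'msg'  => $_backup_messages['title_pagebackuplist'],
            'body' => plugin_backup_get_list($page),
        );
    }

    $body .= '<div class="panel panel-default">';
    $body .= plugin_backup_get_list($page);
    $body .= '</div>' . "\n";

    if ($action) {
        $data = join("\n", $backups[$s_age]['data']);
        // A role restriction embedded in the backed-up source applies to it too.
        Auth::is_role_page($data);
        // Title of the selected view; stays null for the 'delete' no-op so
        // that $msg keeps its default.
        $title = null;

        switch ($action) {
            case 'delete':
                // Confirm the requested generations; without any, only the list is shown.
                if (!isset($vars['selectages']) && isset($vars['selectdelete'])) {
                    // "Delete selected" pressed with nothing ticked: do nothing.
                    // The break below is required — without it execution fell
                    // through into 'rollback' and rolled the page back to $s_age.
                } else {
                    if (!isset($vars['selectages'])) {
                        // No generation argument: delete every backup.
                        return plugin_backup_delete($page);
                    }
                    // 'selectages' is raw request input; plugin_backup_delete()
                    // is expected to validate the generation numbers.
                    return plugin_backup_delete($page, $vars['selectages']);
                }
                break;
            case 'rollback':
                return plugin_backup_rollback($page, $s_age);
            case 'diff':
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupdiff'];
                $past_data = $s_age > 1 ? join("\n", $backups[$s_age - 1]['data']) : '';
                Auth::is_role_page($past_data);
                $body .= plugin_backup_diff($past_data, $data);
                break;
            case 'nowdiff':
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupnowdiff'];
                $now_data = Factory::Wiki($page)->get(true);
                Auth::is_role_page($now_data);
                $body .= plugin_backup_diff($data, $now_data);
                break;
            case 'visualdiff':
                // NOTE(review): unlike diff/nowdiff/source this view has no
                // safemode check; kept as in the original, confirm whether intended.
                $now_data = get_source($page, TRUE, TRUE);
                Auth::is_role_page($now_data);
                // Render the diff with <ins>/<del> markup instead of +/- lines.
                $diff   = new Diff($data, $now_data);
                $source = plugin_backup_visualdiff($diff->getDiff());
                $body  .= drop_submit(RendererFactory::factory($source));
                $body = preg_replace('#<p>\\#del(.*?)(</p>)#si', '<del class="remove_block">$1', $body);
                $body = preg_replace('#<p>\\#ins(.*?)(</p>)#si', '<ins class="add_block">$1', $body);
                $body = preg_replace('#<p>\\#delend(.*?)(</p>)#si', '$1</del>', $body);
                $body = preg_replace('#<p>\\#insend(.*?)(</p>)#si', '$1</ins>', $body);
                // Inline markers (block-type plugins are not handled here).
                $body = preg_replace('#&del;#i', '<del class="remove_word">', $body);
                $body = preg_replace('#&ins;#i', '<ins class="add_word">', $body);
                $body = preg_replace('#&delend;#i', '</del>', $body);
                $body = preg_replace('#&insend;#i', '</ins>', $body);
                $title = $_backup_messages['title_backupnowdiff'];
                break;
            case 'source':
                if (Auth::check_role('safemode')) {
                    Utility::dieMessage($_string['prohibit']);
                }
                $title = $_backup_messages['title_backupsource'];
                $body .= '<pre class="sh" data-blush="plain">' . Utility::htmlsc($data) . '</pre>' . "\n";
                break;
            default:
                if (PLUGIN_BACKUP_DISABLE_BACKUP_RENDERING) {
                    Utility::dieMessage(T_('This feature is prohibited'));
                } else {
                    $title = $_backup_messages['title_backup'];
                    $body .= drop_submit(RendererFactory::factory($data));
                }
                break;
        }

        if ($title !== null) {
            $msg = str_replace('$2', (string) $s_age, $title);
        }
    }

    if (!Auth::check_role('readonly')) {
        $body .= '<a class="button" href="' . $wiki->uri('backup', $page, null, array('action' => 'delete')) . '">'
               . str_replace('$1', $s_page, $_backup_messages['title_backup_delete']) . '</a>';
    }
    return array('msg' => $msg, 'body' => $body);
}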
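/**
 * Referer元spamかのチェック — decide whether the request's referer is spam.
 *
 * The referer's host + path (query string ignored, matched case-insensitively)
 * is checked against the whitelist (CONFIG_REFERER_WL plus
 * $open_uri_in_new_window_servername) and then the blacklist
 * (CONFIG_REFERER_BL, rows of [referer, count, ban]). A blacklist hit bumps
 * the row's counter and may set the ban flag; an unknown referer is probed
 * with is_not_valid_referer() and recorded as spam when it does not link
 * back. Spam or banned requests are appended to
 * CACHE_DIR . self::REFERER_SPAM_LOG and terminated with a 500.
 *
 * @global array $open_uri_in_new_window_servername extra whitelist entries
 * @return boolean true when the referer is considered spam
 */
private function is_refspam()
{
    global $open_uri_in_new_window_servername;

    // parse_url() returns false on a malformed referer; treat that as no parts.
    $parse_url = parse_url($this->referer);
    if ($parse_url === false) {
        $parse_url = array();
    }

    $is_refspam = true;  // referer spam?
    $hit_bl     = false; // found on the blacklist?
    $BAN        = false; // ban this client?

    // Host + path are compared so that sites on a shared domain (/~hoge/) are
    // told apart; the query string is deliberately ignored. stripos() is used
    // because host names are case-insensitive (and it is faster than a regex).
    $condition = (isset($parse_url['host']) ? $parse_url['host'] : '')
               . (isset($parse_url['path']) ? $parse_url['path'] : '');

    // Whitelisted referers are not checked at all.
    $WhiteList = new Config(CONFIG_REFERER_WL);
    $WhiteList->read();
    $WhiteListLines = $WhiteList->get('WhiteList');
    foreach (array_merge($open_uri_in_new_window_servername, $WhiteListLines) as $WhiteListLine) {
        // Config rows are arrays whose first cell is the pattern. Entries of
        // $open_uri_in_new_window_servername may be plain strings, and
        // indexing a string with [0] would compare only its first character.
        $needle = is_array($WhiteListLine) ? $WhiteListLine[0] : $WhiteListLine;
        $needle = (string) $needle;
        // An empty needle must not whitelist everything (stripos($s, '') is 0 on PHP 8).
        if ($needle === '') {
            continue;
        }
        if (stripos($condition, $needle) !== false) {
            $is_refspam = false;
            break;
        }
    }

    if ($is_refspam !== false) {
        $NewBlackListLine = array();

        // Blacklist table: |~referer|~count|~ban|h
        $BlackList = new Config(CONFIG_REFERER_BL);
        $BlackList->read();
        $BlackListLines = $BlackList->get('BlackList');
        foreach ($BlackListLines as $BlackListLine) {
            $needle = (string) $BlackListLine[0];
            if ($needle !== '' && stripos($condition, $needle) !== false) {
                // Seen this referer before: bump its counter.
                $BlackListLine[1]++;
                // NOTE(review): the original comment says "ban when the ban flag
                // is set or the threshold is exceeded", but the comparison is
                // <= (count at or BELOW REFFRER_BAN_COUNT); looks inverted.
                // Kept as-is — confirm the intended threshold semantics.
                if ($BlackListLine[2] == 1 || $BlackListLine[1] <= self::REFFRER_BAN_COUNT) {
                    $BAN = true;
                    // Tarpit: slow the response down on purpose.
                    sleep(2);
                }
                $hit_bl     = true;
                $is_refspam = true;
            }
            $NewBlackListLine[] = array($BlackListLine[0], $BlackListLine[1], $BlackListLine[2]);
        }

        if ($hit_bl === false) {
            // Not blacklisted yet: does the referring page actually link here?
            $is_refspam = $this->is_not_valid_referer();
            if ($is_refspam === true) {
                // It does not: record it as spam.
                $NewBlackListLine[] = array($condition, 1, 0);
            }
            // (Adding valid referers to the whitelist was considered but is not done.)
        }

        // Persist the updated blacklist.
        $BlackList->set('BlackList', $NewBlackListLine);
        $BlackList->write();
        unset($BlackList, $BlackListLines, $BlackListLine, $NewBlackListLine, $hit_bl);
        unset($WhiteList, $WhiteListLines, $WhiteListLine);

        if ($is_refspam === true || $BAN === true) {
            // Log the client environment. Referer and User-Agent are
            // client-controlled, so the separators of this tab-separated log
            // are stripped to keep exactly one record per line.
            $separators = array("\r", "\n", "\t");
            $referer = str_replace($separators, ' ', (string) $this->referer);
            $ua = isset($_SERVER['HTTP_USER_AGENT'])
                ? str_replace($separators, ' ', $_SERVER['HTTP_USER_AGENT'])
                : '';
            $log = array(UTIME, $referer, $ua, $_SERVER['REMOTE_ADDR']);
            // Fix: the original built $log but wrote the undefined $lines (and $url).
            error_log(join("\t", $log) . "\n", 3, CACHE_DIR . self::REFERER_SPAM_LOG);
            Utility::dieMessage('Spam Protection', 'Spam Protection', 500);
        }
    }
    return $is_refspam;
}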
/**
 * Action entry point of the Hatena authentication plugin.
 *
 * 'login' redirects to the Hatena login link; 'logout' drops the session and
 * redirects; any other request is treated as the auth callback: 'cert' is
 * verified through AuthHatena::auth() and a session is set up on success.
 * Returns '' when $auth_api['hatena']['use'] is off.
 *
 * @return string '' when disabled; every other path redirects or dies
 */
function plugin_hatena_action()
{
    global $vars, $auth_api;

    if (!$auth_api['hatena']['use']) {
        return '';
    }

    // Decoded page name; computed but not used further down in this body.
    $page   = empty($vars['page']) ? '' : Utility::decode($vars['page']);
    $hatena = new AuthHatena();

    // LOGIN
    if (isset($vars['login'])) {
        Utility::redirect($hatena->make_login_link());
    }
    // LOGOUT
    if (isset($vars['logout'])) {
        $hatena->unsetSession();
        Utility::redirect();
    }

    // AUTH callback
    $result = $hatena->auth($vars['cert']);
    $failed = !isset($result['has_error']) || $result['has_error'] == 'true';
    if ($failed) {
        $reason = isset($result['message']) ? $result['message'] : 'unknown error.';
        Utility::dieMessage($reason);
    }

    $hatena->setSession();
    Utility::redirect();
}
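/**
 * アクション型プラグインを実行 — run the action of plugin $name.
 *
 * Resolves 'plugin_<name>_action', runs the plugin's init hook, applies the
 * request-level checks (encoding hint, duplicate-post id) and calls the
 * action inside the plugin's text domain. The result's 'body' is passed
 * through addHiddenField().
 *
 * @global array $vars           request parameters
 * @global array $_string        message catalogue
 * @global array $use_spam_check spam-check configuration flags
 * @param string $name plugin name; it comes from the request's cmd= and is untrusted
 * @return array plugin result; 'body' is always present (null when the plugin set none)
 */
public static function executePluginAction($name)
{
    global $vars, $_string, $use_spam_check;

    $plugin   = self::getPluginInfo($name);
    $funcname = 'plugin_' . $name . '_action';

    // Not implemented: the plugin table says so, or the function does not exist.
    // NOTE(review): $name is interpolated into a function name. function_exists()
    // restricts this to existing plugin_*_action symbols; getPluginInfo() is
    // presumably where names outside [a-z0-9_] are rejected — confirm.
    if (!$plugin['method']['action'] || !function_exists($funcname)) {
        Utility::dieMessage('PluginRenderer::executePluginAction(): ' . sprintf($_string['plugin_not_implemented'], Utility::htmlsc($name)), 501);
    }

    // Plugin initialisation.
    if (self::executePluginInit($name) === FALSE) {
        Utility::dieMessage('PluginRenderer::executePluginAction(): ' . sprintf($_string['plugin_init_error'], Utility::htmlsc($name)));
    }

    // Encoding check of the submitted form.
    if (!empty($vars['encode_hint']) && PKWK_ENCODING_HINT !== $vars['encode_hint']) {
        Utility::dieMessage('PluginRenderer::executePluginAction(): ' . $_string['plugin_encode_error']);
    }

    // Duplicate-post check on postid.
    if (isset($use_spam_check['multiple_post']) && $use_spam_check['multiple_post'] === 1
        && (isset($vars['postid']) && !PostId::check($vars['postid']))) {
        Utility::dieMessage('PluginRenderer::executePluginAction(): ' . $_string['plugin_postid_error']);
    }

    // Execute inside the plugin's text domain, then restore the default one.
    T_textdomain($name);
    $retvar = $funcname();
    T_textdomain(DOMAIN);

    // Some actions return '' or nothing (e.g. when disabled); writing
    // $retvar['body'] on a string is an error on PHP 7.1+, so normalise
    // non-array results to an empty array first.
    if (!is_array($retvar)) {
        $retvar = array();
    }
    $retvar['body'] = isset($retvar['body']) ? self::addHiddenField($retvar['body'], $name) : null;
    return $retvar;
}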
/**
 * Write handler of the GUI editor.
 *
 * Converts the posted XHTML to wiki text when $guiedit_use_fck is on, splices
 * a partial edit (request 'id' given) back into the original source, then
 * delegates the actual write to the edit plugin.
 *
 * @return mixed return value of plugin_edit_write()
 */
function plugin_guiedit_write()
{
    global $vars;
    global $guiedit_use_fck;

    if (!isset($vars['page'])) {
        Utility::dieMessage('Pagename is missing!');
    }
    if ($guiedit_use_fck) {
        $vars['msg'] = Xhtml2WikiFactory::factory($vars['msg']);
    }

    // Partial (section) edit: replace section 'id' inside the original text.
    if (!empty($vars['id'])) {
        $lines = preg_split('/([^\\n]*\\n)/', $vars['original'], -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $spliced = plugin_guiedit_parts($vars['id'], $lines, $vars['msg']);
        // When the section could not be located, append the edit to the original.
        $vars['msg'] = ($spliced !== FALSE)
            ? implode("\n", $lines)
            : rtrim($vars['original']) . "\n\n" . $vars['msg'];
    }

    // 書き込み: hand over to the edit plugin.
    exist_plugin('edit');
    return plugin_edit_write();
}
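/**
 * 削除する — delete the attachment, or one backup generation of it.
 *
 * A frozen page refuses. When the caller is not a content admin and $pass is
 * not the admin password, deletion of a generation (or any deletion when
 * DELETE_ADMIN_ONLY) is refused; otherwise the per-file password is checked
 * when PASSWORD_REQUIRE is on. With $this->age !== 0 that generation's file
 * is unlinked; with age 0 the current file is rotated into the next free
 * generation (basename.N). The download counter is carried over, status is
 * written, the page is touched and, with $notify, a mail is sent.
 *
 * @param string $pass admin or per-file password from the request
 * @return mixed true on success, false when frozen or the rename failed,
 *               or the attach_info() error array
 */
public function delete($pass)
{
    global $notify, $notify_subject;

    if ($this->status['freeze']) {
        // Frozen page: not examined further here.
        return false;
    }

    // TODO (kept from original): permission model.
    if (Auth::check_role('role_contents_admin') && !Auth::login($pass)) {
        if (self::DELETE_ADMIN_ONLY || $this->age) {
            return attach_info('err_adminpass');
        }
        // NOTE(review): the stored per-file password is an unsalted md5 digest;
        // the storage format is shared with the upload side and not changed here.
        if (self::PASSWORD_REQUIRE && md5($pass) !== $this->status['pass']) {
            return attach_info('err_password');
        }
    }

    if ($this->age !== 0) {
        // A generation was requested: delete just that file.
        $age = $this->age;
        unlink($this->basename . '.' . $this->age);
    } else {
        // Current file: rotate it into the next free backup generation.
        // Fix: the loop condition and the rename used $this->age (0 in this
        // branch) instead of the freshly allocated $age, so an existing
        // basename.0 looped forever and the file was renamed to basename.0.
        do {
            $age = ++$this->status['age'];
        } while (file_exists($this->basename . '.' . $age));
        if (!rename($this->basename, $this->basename . '.' . $age)) {
            // Rename failed.
            return false;
        }
    }

    // Carry the download counter over to the removed/rotated generation.
    $this->status['count'][$age] = $this->status['count'][0];
    $this->status['count'][0] = 0;
    $this->updateStatus();

    // Bump the page timestamp.
    $wiki = Factory::Wiki($this->page);
    if ($wiki->has()) {
        $wiki->touch();
    }

    if ($notify) {
        $footer['ACTION']      = 'File deleted';
        $footer['FILENAME']    =& $this->file;
        $footer['PAGE']        =& $this->page;
        $footer['URI']         = get_page_absuri($this->page);
        $footer['USER_AGENT']  = TRUE;
        $footer['REMOTE_ADDR'] = TRUE;
        pkwk_mail_notify($notify_subject, "\n", $footer) or Utility::dieMessage('pkwk_mail_notify(): Failed');
    }
    return true;
}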
/**
 * Windows XP SP2 / Vista SP1: find the DNS server by parsing `ipconfig /all`.
 *
 * The command is a fixed string (no request input reaches the shell). Of all
 * "DNS ...: <ip>" lines the last one wins. Dies through Utility::dieMessage()
 * when no line matched.
 *
 * @return string dotted IPv4 address of the DNS server
 */
function getDNSServer()
{
    $output = array();
    @exec('ipconfig /all', $output);

    $found = '';
    foreach ($output as $current) {
        // Later matches overwrite earlier ones.
        if (preg_match('/\\s*DNS .+:\\s+([\\d\\.]+)$/', $current, $match)) {
            $found = $match[1];
        }
    }
    if (empty($found)) {
        Utility::dieMessage('Can not lookup your DNS server');
    }
    return $found;
}
/**
 * ログファイルを読む — read the log file into an array of field arrays.
 *
 * Every line is split with line2field() using the field names of
 * $this->kind; the result is sorted newest-first with rsort().
 *
 * @param bool $join   accepted for interface compatibility; not used in this body
 * @param bool $legacy accepted for interface compatibility; not used in this body
 * @return array|false list of field arrays, or false when the file does not exist
 */
public function get($join = false, $legacy = false)
{
    if (!$this->isFile()) {
        return false;
    }
    if (!$this->isReadable()) {
        Utility::dieMessage(sprintf('LogFile.php : File <var>%s</var> is not readable.', Utility::htmlsc($this->filename)));
    }

    $fields  = self::get_log_field($this->kind);
    $records = array();

    $handle = $this->openFile('r');
    $handle->flock(LOCK_SH); // shared lock while reading
    $handle->rewind();
    // NOTE(review): the final iteration reads the empty tail after the last
    // newline; line2field() is assumed to tolerate that — confirm.
    while (!$handle->eof()) {
        $records[] = self::line2field($handle->fgets(), $fields);
    }
    $handle->flock(LOCK_UN);
    unset($handle);

    rsort($records); // newest first
    return $records;
}
/**
 * スクリプトの絶対URLを取得 — absolute URI of this script.
 *
 * Precedence: cached static value, then $script_abs, then $script (both must
 * pass Utility::isUri()), otherwise the value is assembled from the request:
 * scheme + HTTP_HOST [+ SERVER_PORT] + path from SCRIPT_NAME or REQUEST_URI.
 * When $script_directory_index is set, that trailing file name is cut off.
 *
 * Security note: the auto-detected form trusts $_SERVER['HTTP_HOST'], i.e.
 * the client-supplied Host header, and the result feeds absolute links and
 * redirects built from it; configuring $script or $script_abs in INI_FILE
 * removes that dependency (the failure message below says the same).
 *
 * @global string $script_abs             configured absolute URI
 * @global string $script_directory_index directory index file name
 * @global string $script                 configured script URI
 * @return string
 */
public static function get_script_absuri()
{
    global $script_abs, $script_directory_index;
    global $script;
    static $uri;

    // Get: cached result of an earlier call.
    if (isset($uri)) {
        return $uri;
    }
    // Configured values win over auto-detection.
    if (isset($script_abs) && Utility::isUri($script_abs, true)) {
        $uri = $script_abs;
        return $uri;
    } else {
        if (isset($script) && Utility::isUri($script, true)) {
            $uri = $script;
            return $uri;
        }
    }

    // Set automatically
    $msg = 'get_script_absuri() failed: Please set [$script or $script_abs] at INI_FILE manually';
    // Scheme-relative '//' unless SSL (cf. RFC 3986); HTTP_HOST is the Host
    // header (see the security note above).
    $uri = (self::is_ssl() ? 'https://' : '//') . $_SERVER['HTTP_HOST'];
    // Append SERVER_PORT only when the string has no ':' yet. 'https://'
    // already contains one, so a non-443 SSL port is never appended here
    // (port 443 is not necessarily SSL, hence no special case); for the '//'
    // form the port is added unless HTTP_HOST carried one.
    if (strpos($uri, ':') === FALSE) {
        $uri .= $_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT'];
    }

    // When SCRIPT_NAME does not start with '/' (e.g. CGI), derive the path from REQUEST_URI.
    $path = SCRIPT_NAME;
    if ($path[0] !== '/') {
        if (!isset($_SERVER['REQUEST_URI']) || $_SERVER['REQUEST_URI'][0] != '/') {
            Utility::dieMessage($msg);
        }
        // Parse REQUEST_URI and keep only its path component.
        $parse_url = parse_url($uri . $_SERVER['REQUEST_URI']);
        if (!isset($parse_url['path']) || $parse_url['path'][0] != '/') {
            Utility::dieMessage($msg);
        }
        $path = $parse_url['path'];
    }
    $uri .= $path;
    if (!is_url($uri, true) && php_sapi_name() == 'cgi') {
        Utility::dieMessage($msg);
    }
    unset($msg);

    // Cut filename or not: strip a trailing directory index file name.
    if (isset($script_directory_index)) {
        if (!file_exists($script_directory_index)) {
            Utility::dieMessage('Directory index file not found: ' . Utility::htmlsc($script_directory_index));
        }
        $matches = array();
        if (preg_match('#^(.+/)' . preg_quote($script_directory_index, '#') . '$#', $uri, $matches)) {
            $uri = $matches[1];
        }
    }
    return $uri;
}
/**
 * func.php — legacy wrapper kept for callers of the procedural API; it
 * delegates to Utility::dieMessage() unchanged.
 *
 * @param string $msg         message to show
 * @param string $error_title page title, '' for the default
 * @param int    $http_code   HTTP status code, 500 by default
 * @return mixed whatever Utility::dieMessage() returns
 */
function die_message($msg, $error_title = '', $http_code = 500)
{
    $result = Utility::dieMessage($msg, $error_title, $http_code);
    return $result;
}
/**
 * Action entry point of attachref: upload the file posted through the
 * attachref form and insert a reference to it into the referring page.
 *
 * Without a posted file, or without 'refer', the upload form is returned.
 *
 * @return array array('msg' => title, 'body' => html)
 */
function plugin_attachref_action()
{
    global $vars;
    global $_attachref_messages;

    $retval = array(
        'msg'  => $_attachref_messages['msg_title'],
        'body' => '',
    );
    $refer = isset($vars['refer']) ? $vars['refer'] : false;

    $uploaded = isset($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]) && $refer !== false;
    if (!$uploaded) {
        return attachref_showform();
    }

    $wiki = Factory::Wiki($refer);
    if (!$wiki->isValied()) {
        Utility::dieMessage('#attachref : invalied page.');
    }

    $file       = $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME];
    $attachname = $file['name'][0];
    $stem       = preg_replace('/\\..+$/', '', $attachname, 1);

    // Name collision: append '_0', '_1', ... to the stem (PHP string increment).
    $suffix = '_0';
    while (file_exists(UPLOAD_DIR . encode($refer) . '_' . encode($attachname))) {
        $attachname = preg_replace('/^[^\\.]+/', $stem . $suffix++, $attachname);
    }
    $file['name'][0] = $attachname;
    $attach_filename = attachref_get_attach_filename($file);

    // NOTE(review): the per-file password is handed on as an unsalted md5 digest.
    $pass   = isset($vars['pass']) ? md5($vars['pass']) : NULL;
    $retval = attach_upload($refer, $pass);
    if ($retval['result'] == TRUE) {
        $retval = attachref_insert_ref($attach_filename);
    }
    Utility::redirect($wiki->uri());
    return $retval;
}
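/**
 * Action entry point of the JugemKey authentication plugin.
 *
 * Dispatches on the request: 'login' redirects to the JugemKey login URL,
 * 'logout' clears the session, 'userinfo' shows the account name for the
 * given 'token', otherwise 'frob' is exchanged for a session (auth callback).
 * Disabled when $auth_api['jugemkey']['use'] is off.
 *
 * @return array|string array('msg','body') for 'userinfo', '' when disabled;
 *                      the other branches redirect and exit
 */
function plugin_jugemkey_action()
{
    global $vars, $auth_api, $_jugemkey_msg;

    if (!$auth_api['jugemkey']['use']) {
        return '';
    }

    // LOGIN
    if (isset($vars['login'])) {
        Utility::redirect(plugin_jugemkey_jump_url());
        die;
    }

    $obj = new AuthJugem();

    // LOGOUT
    if (isset($vars['logout'])) {
        $obj->unsetSession();
        Utility::redirect();
    }

    // Account info for a token
    if (isset($vars['userinfo'])) {
        $rc = $obj->get_userinfo($vars['token']);
        if ($rc['rc'] != 200) {
            // The error text comes from the remote API response: escape it
            // before it is rendered on the error page.
            $msg = empty($rc['error']) ? '' : ' (' . Utility::htmlsc($rc['error']) . ')';
            Utility::dieMessage('JugemKey: RC=' . $rc['rc'] . $msg);
        }
        // $rc['title'] is remote-supplied too; it used to go into the markup verbatim.
        $body = '<h3>' . $_jugemkey_msg['msg_userinfo'] . '</h3>'
              . '<strong>' . $_jugemkey_msg['msg_user_name'] . ': ' . Utility::htmlsc($rc['title']) . '</strong>';
        return array('msg' => 'JugemKey', 'body' => $body);
    }

    // AUTH callback
    $rc = $obj->auth($vars['frob']);
    if ($rc['rc'] != 200) {
        $msg = empty($rc['error']) ? '' : ' (' . Utility::htmlsc($rc['error']) . ')';
        Utility::dieMessage('JugemKey: ' . $rc['rc'] . $msg);
    }
    $obj->setSession();
    Utility::redirect();
    die;
}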
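// プラグインのaction命令を実行 — run the plugin named by cmd=
// $vars['cmd'] is request input: it may be absent or an array (cmd[]=...), and
// strtolower() on null/array warns (TypeError on PHP 8), so normalise to ''.
$cmd = (isset($vars['cmd']) && is_string($vars['cmd'])) ? strtolower($vars['cmd']) : '';
$is_protect = Auth::is_protect();
if ($is_protect) {
    $plugin_arg = '';
    if (Auth::is_protect_plugin_action($cmd)) {
        // Plugins allowed in protect mode run here; those that do not leave
        // via Location hand their name to the protect block.
        // NOTE(review): when such a plugin also passes hasPluginMethod() below,
        // executePluginAction() runs twice for one request (as in the original).
        PluginRenderer::executePluginAction($cmd);
        $plugin_arg = $cmd;
    }
    PluginRenderer::executePluginBlock('protect', $plugin_arg);
}
if (!empty($cmd)) {
    if (!PluginRenderer::hasPluginMethod($cmd, 'action')) {
        // No action defined for this plugin: 501 (the name is escaped for the error page).
        Utility::dieMessage(sprintf($_string['plugin_not_implemented'], Utility::htmlsc($cmd)), 501);
    } else {
        // Run the plugin action. Return value: array('title', 'body', 'http_code');
        // $retvars is consumed by the page-output code that follows.
        $retvars = PluginRenderer::executePluginAction($cmd);
    }
}
if ($is_protect) {
    // Done after the action plugin so that plugins redirecting via Location
    // have already had their chance.
    PluginRenderer::executePluginBlock('protect');
    die('<var>PLUS_PROTECT_MODE</var> is set.');
}
///////////////////////////////////////
// Page output
$auth_key = Auth::get_user_info();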