BugTrack/487: AutoLink対象のページ名がひとつもないときに、不正なパターンを生成していた

[pukiwiki/pukiwiki.git] / init.php

<?php
/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
//
// $Id: init.php,v 1.67 2003/11/10 02:44:59 arino Exp $
//

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥¨¥é¡¼½ÐÎÏ¥ì¥Ù¥ë)
// (E_WARNING | E_NOTICE)¤ò½ü³°¤·¤Æ¤¤¤Þ¤¹¡£
error_reporting(E_ERROR | E_PARSE);

/////////////////////////////////////////////////
// ½é´üÀßÄê (ʸ»ú¥¨¥ó¥³¡¼¥É¡¢¸À¸ì)
define('SOURCE_ENCODING','EUC-JP');
define('LANG','ja');
mb_internal_encoding(SOURCE_ENCODING);
mb_http_output(SOURCE_ENCODING);

/////////////////////////////////////////////////
// ½é´üÀßÄê(ÀßÄê¥Õ¥¡¥¤¥ë¤Î¾ì½ê)
define('INI_FILE','./pukiwiki.ini.php');

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥Ð¡¼¥¸¥ç¥ó/Ãøºî¸¢)
define('S_VERSION','1.4.1');
define('S_COPYRIGHT','
<strong>"PukiWiki" '.S_VERSION.'</strong> Copyright &copy; 2001,2002,2003
<a href="http://pukiwiki.org">PukiWiki Developers Team</a>.
License is <a href="http://www.gnu.org/">GNU/GPL</a>.<br />
Based on "PukiWiki" 1.3 by <a href="http://factage.com/sng/">sng</a>
');

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥µ¡¼¥ÐÊÑ¿ô)
foreach (array('HTTP_USER_AGENT','PHP_SELF','SERVER_NAME','SERVER_SOFTWARE','SERVER_ADMIN') as $key) {
        define($key,array_key_exists($key,$_SERVER) ? $_SERVER[$key] : '');
}

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥°¥í¡¼¥Ð¥ëÊÑ¿ô)
// ¥µ¡¼¥Ð¤«¤éÍè¤ëÊÑ¿ô
$vars = array();
// µÓÃí
$foot_explain = array();
// ´ØÏ¢¤¹¤ë¥Ú¡¼¥¸
$related = array();
// <head>Æâ¤ËÄɲ乤륿¥°
$head_tags = array();

/////////////////////////////////////////////////
// ½é´üÀßÄê(»þ´Ö)
define('LOCALZONE',date('Z'));
define('UTIME',time() - LOCALZONE);
define('MUTIME',getmicrotime());

/////////////////////////////////////////////////
// ¸À¸ì¥Õ¥¡¥¤¥ëÆɤ߹þ¤ß
if (!file_exists(LANG.'.lng')||!is_readable(LANG.'.lng')) {
        die_message(LANG.'.lng(language file) is not found.');
}
require(LANG.'.lng');

/////////////////////////////////////////////////
// ÀßÄê¥Õ¥¡¥¤¥ëÆɤ߹þ¤ß
if (!file_exists(INI_FILE)||!is_readable(INI_FILE)) {
        die_message(INI_FILE.' is not found.');
}
require(INI_FILE);

/////////////////////////////////////////////////
// ½é´üÀßÄê($script)
if (!isset($script) or $script == '') {
        $script = get_script_uri();
}
if ($script === FALSE or
        (php_sapi_name() == 'cgi' and
                !preg_match('/^https?:\/\/[-_.!~*\'()a-zA-Z0-9;\/?:\@&=+\$,%#]*$/',$script))) {
        die_message("please set '\$script' in ".INI_FILE);
}

/////////////////////////////////////////////////
// ÀßÄê¥Õ¥¡¥¤¥ëÆɤ߹þ¤ß(UserAgent)
foreach ($agents as $agent) {
        if (preg_match($agent['pattern'],HTTP_USER_AGENT,$matches)) {
                $agent['matches'] = $matches;
                $user_agent = $agent;
                break;
        }
}
define('UA_INI_FILE',$user_agent['name'].'.ini.php');

if (!file_exists(UA_INI_FILE)||!is_readable(UA_INI_FILE)) {
        die_message(UA_INI_FILE.' is not found.');
}
require(UA_INI_FILE);

/////////////////////////////////////////////////
// ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊÑ¿ô¥Á¥§¥Ã¥¯
if(!is_writable(DATA_DIR)) {
        die_message('DATA_DIR is not found or not writable.');
}
if(!is_writable(DIFF_DIR)) {
        die_message('DIFF_DIR is not found or not writable.');
}
if($do_backup && !is_writable(BACKUP_DIR)) {
        die_message('BACKUP_DIR is not found or not writable.');
}
if(!is_writable(CACHE_DIR)) {
        die_message('CACHE_DIR is not found or not writable.');
}
$wrong_ini_file = '';
if (!isset($rss_max)) $wrong_ini_file .= '$rss_max ';
if (!isset($page_title)) $wrong_ini_file .= '$page_title ';
if (!isset($note_hr)) $wrong_ini_file .= '$note_hr ';
if (!isset($related_link)) $wrong_ini_file .= '$related_link ';
if (!isset($show_passage)) $wrong_ini_file .= '$show_passage ';
if (!isset($rule_related_str)) $wrong_ini_file .= '$rule_related_str ';
if (!isset($load_template_func)) $wrong_ini_file .= '$load_template_func ';
if (!defined('LANG')) $wrong_ini_file .= 'LANG ';
if (!defined('PLUGIN_DIR')) $wrong_ini_file .= 'PLUGIN_DIR ';
if ($wrong_ini_file) {
        die_message('The setting file runs short of information.<br />The version of a setting file may be old.<br /><br />These option are not found : '.$wrong_ini_file);
}
if (!is_page($defaultpage)) {
        touch(get_filename($defaultpage));
}
if (!is_page($whatsnew)) {
        touch(get_filename($whatsnew));
}
if (!is_page($interwiki)) {
        touch(get_filename($interwiki));
}

/////////////////////////////////////////////////
// ³°Éô¤«¤é¤¯¤ëÊÑ¿ô¤ò¥µ¥Ë¥¿¥¤¥º
$get    = sanitize($_GET);
$post   = sanitize($_POST);
$cookie = sanitize($_COOKIE);

/////////////////////////////////////////////////
// ʸ»ú¥³¡¼¥É¤òÊÑ´¹

// <form> ¤ÇÁ÷¿®¤µ¤ì¤¿Ê¸»ú (¥Ö¥é¥¦¥¶¤¬¥¨¥ó¥³¡¼¥É¤·¤¿¥Ç¡¼¥¿) ¤Î¥³¡¼¥É¤òÊÑ´¹
// post ¤Ï¾ï¤Ë <form> ¤Ê¤Î¤Ç¡¢É¬¤ºÊÑ´¹
if (array_key_exists('encode_hint',$post))
{
        // html.php ¤ÎÃæ¤Ç¡¢<form> ¤Ë encode_hint ¤ò»Å¹þ¤ó¤Ç¤¤¤ë¤Î¤Ç¡¢É¬¤º encode_hint ¤¬¤¢¤ë¤Ï¤º¡£
        // encode_hint ¤Î¤ß¤òÍѤ¤¤Æ¥³¡¼¥É¸¡½Ð¤¹¤ë¡£
        // Á´ÂΤò¸«¤Æ¥³¡¼¥É¸¡½Ð¤¹¤ë¤È¡¢µ¡¼ï°Í¸ʸ»ú¤ä¡¢Ì¯¤Ê¥Ð¥¤¥Ê¥ê¥³¡¼¥É¤¬º®Æþ¤·¤¿¾ì¹ç¤Ë¡¢
        // ¥³¡¼¥É¸¡½Ð¤Ë¼ºÇÔ¤¹¤ë¶²¤ì¤¬¤¢¤ë¤¿¤á¡£
        $encode = mb_detect_encoding($post['encode_hint']);
        mb_convert_variables(SOURCE_ENCODING,$encode,$post);
}
else if (array_key_exists('charset',$post))
{
        // TrackBack Ping¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ë
        // »ØÄꤵ¤ì¤¿¾ì¹ç¤Ï¡¢¤½¤ÎÆâÍƤÇÊÑ´¹¤ò»î¤ß¤ë
        if (mb_convert_variables(SOURCE_ENCODING,$post['charset'],$post) !== $post['charset'])
        {
                // ¤¦¤Þ¤¯¤¤¤«¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¥³¡¼¥É¸¡½Ð¤ÎÀßÄê¤ÇÊÑ´¹¤·¤Ê¤ª¤·
                mb_convert_variables(SOURCE_ENCODING,'auto',$post);
        }
}
else if (count($post) > 0)
{
        // encode_hint ¤¬Ìµ¤¤¤È¤¤¤¦¤³¤È¤Ï¡¢Ìµ¤¤¤Ï¤º¡£
        // ¥Ç¥Ð¥Ã¥°ÍѤˡ¢¼è¤ê¤¢¤¨¤º¡¢·Ù¹ð¥á¥Ã¥»¡¼¥¸¤ò½Ð¤·¤Æ¤ª¤­¤Þ¤¹¡£
//      echo "<p>Warning: 'encode_hint' field is not found in the posted data.</p>\n";
        // Á´Éô¤Þ¤È¤á¤Æ¡¢¥³¡¼¥É¸¡½Ð¡¢ÊÑ´¹
        mb_convert_variables(SOURCE_ENCODING,'auto',$post);
}

// get ¤Ï <form> ¤«¤é¤Î¾ì¹ç¤È¡¢<a href="http;//script/?query> ¤Î¾ì¹ç¤¬¤¢¤ë
if (array_key_exists('encode_hint',$get))
{
        // <form> ¤Î¾ì¹ç¤Ï¡¢¥Ö¥é¥¦¥¶¤¬¥¨¥ó¥³¡¼¥É¤·¤Æ¤¤¤ë¤Î¤Ç¡¢¥³¡¼¥É¸¡½Ð¡¦ÊÑ´¹¤¬É¬Íס£
        // encode_hint ¤¬´Þ¤Þ¤ì¤Æ¤¤¤ë¤Ï¤º¤Ê¤Î¤Ç¡¢¤½¤ì¤ò¸«¤Æ¡¢¥³¡¼¥É¸¡½Ð¤·¤¿¸å¡¢ÊÑ´¹¤¹¤ë¡£
        // Íýͳ¤Ï¡¢post ¤ÈƱÍÍ
        $encode = mb_detect_encoding($get['encode_hint']);
        mb_convert_variables(SOURCE_ENCODING,$encode,$get);
}       
// <a href...> ¤Î¾ì¹ç¤Ï¡¢¥µ¡¼¥Ð¡¼¤¬ rawurlencode ¤·¤Æ¤¤¤ë¤Î¤Ç¡¢¥³¡¼¥ÉÊÑ´¹¤ÏÉÔÍ×

// QUERY_STRING¤ò¼èÆÀ
// cmd¤âplugin¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢QUERY_STRING¤ò¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹°Ù
// ¤Þ¤¿¡¢URI ¤ò urlencode ¤»¤º¤Ë¼êÂǤÁ¤ÇÆþÎϤ·¤¿¾ì¹ç¤ËÂн褹¤ë°Ù
$arg = '';
if ($_SERVER['QUERY_STRING'] != '')
{
        $arg = $_SERVER['QUERY_STRING'];
}
else if (array_key_exists(0,$_SERVER['argv']))
{
        $arg = $_SERVER['argv'][0];
}

// ¥µ¥Ë¥¿¥¤¥º (\0 ½üµî)
$arg = sanitize($arg);

// URI ¼êÂǤξì¹ç¡¢¥³¡¼¥ÉÊÑ´¹¤·¡¢get[] ¤Ë¾å½ñ¤­
// mb_convert_variables¤Î¥Ð¥°(?)Âкö ÇÛÎó¤ÇÅϤµ¤Ê¤¤¤ÈÍî¤Á¤ë
$arg = array($arg);
mb_convert_variables(SOURCE_ENCODING,'auto',$arg);
$arg = $arg[0];

foreach (explode('&',$arg) as $tmp_string)
{
        if (preg_match('/^([^=]+)=(.+)/',$tmp_string,$matches)
                and mb_detect_encoding($matches[2]) != 'ASCII')
        {
                $get[$matches[1]] = $matches[2];
        }
}

if (!empty($get['page']))
{
        $get['page']  = strip_bracket($get['page']);
}
if (!empty($post['page']))
{
        $post['page'] = strip_bracket($post['page']);
}
if (!empty($post['msg']))
{
        $post['msg']  = str_replace("\r",'',$post['msg']);
}

$vars = array_merge($post,$get);
if (!array_key_exists('page',$vars))
{
        $get['page'] = $post['page'] = $vars['page'] = '';
}

// ¸åÊý¸ß´¹À­ (?md5=...)
if (array_key_exists('md5',$vars) and $vars['md5'] != '')
{
        $vars['cmd'] = 'md5';
}

// cmd¤âplugin¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢QUERY_STRING¤ò¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹
if (!array_key_exists('cmd',$vars)  and !array_key_exists('plugin',$vars))
{
        if ($arg == '')
        {
                //¤Ê¤Ë¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï$defaultpage¤òɽ¼¨
                $arg = $defaultpage;
        }               
        $arg = rawurldecode($arg);
        $arg = strip_bracket($arg);
        $arg = sanitize($arg);

        $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'read';
        $get['page'] = $post['page'] = $vars['page'] = $arg;
}

/////////////////////////////////////////////////
// ½é´üÀßÄê($WikiName,$BracketName¤Ê¤É)
// $WikiName = '[A-Z][a-z]+(?:[A-Z][a-z]+)+';
// $WikiName = '\b[A-Z][a-z]+(?:[A-Z][a-z]+)+\b';
// $WikiName = '(?<![[:alnum:]])(?:[[:upper:]][[:lower:]]+){2,}(?![[:alnum:]])';
// $WikiName = '(?<!\w)(?:[A-Z][a-z]+){2,}(?!\w)';
// BugTrack/304»ÃÄêÂнè
$WikiName = '(?:[A-Z][a-z]+){2,}(?!\w)';
// $BracketName = ':?[^\s\]#&<>":]+:?';
$BracketName = '(?!\s):?[^\r\n\t\f\[\]<>#&":]+:?(?<!\s)';
// InterWiki
$InterWikiName = "(\[\[)?((?:(?!\s|:|\]\]).)+):(.+)(?(1)\]\])";
// Ãí¼á
$NotePattern = '/\(\(((?:(?>(?:(?!\(\()(?!\)\)(?:[^\)]|$)).)+)|(?R))*)\)\)/ex';

/////////////////////////////////////////////////
// ½é´üÀßÄê(¥æ¡¼¥¶ÄêµÁ¥ë¡¼¥ëÆɤ߹þ¤ß)
require('rules.ini.php');

/////////////////////////////////////////////////
// ½é´üÀßÄê(¤½¤Î¾¤Î¥°¥í¡¼¥Ð¥ëÊÑ¿ô)
// ¸½ºß»þ¹ï
$now = format_date(UTIME);
// skinÆâ¤ÇDTDÀë¸À¤òÀÚ¤êÂؤ¨¤ë¤Î¤Ë»ÈÍÑ¡£paint.inc.phpÂкö
// FALSE:XHTML 1.1
// TRUE :XHTML 1.0 Transitional
$html_transitional = FALSE;
// ¥Õ¥§¥¤¥¹¥Þ¡¼¥¯¤ò$line_rules¤Ë²Ã¤¨¤ë
if ($usefacemark)
{
        $line_rules += $facemark_rules;
}
unset($facemark_rules);
// ¼ÂÂλ²¾È¥Ñ¥¿¡¼¥ó¤ª¤è¤Ó¥·¥¹¥Æ¥à¤Ç»ÈÍѤ¹¤ë¥Ñ¥¿¡¼¥ó¤ò$line_rules¤Ë²Ã¤¨¤ë
//$entity_pattern = '[a-zA-Z0-9]{2,8}';
$entity_pattern = trim(join('',file(CACHE_DIR.'entities.dat')));
$line_rules = array_merge(array(
        '&amp;(#[0-9]+|#x[0-9a-f]+|'.$entity_pattern.');'=>'&$1;',
        "\r"=>"<br />\n", /* ¹ÔËö¤Ë¥Á¥ë¥À¤Ï²þ¹Ô */
        '#related$'=>'<del>#related</del>',
        '^#contents$'=>'<del>#contents</del>'
),$line_rules);
?>