BugTrack/637 mb_convert_variables() for $vars

[pukiwiki/pukiwiki.git] / init.php

<?php
/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
//
// $Id: init.php,v 1.92 2004/07/23 14:38:33 henoheno Exp $
//

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥¨¥é¡¼½ÐÎÏ¥ì¥Ù¥ë)
error_reporting(E_ERROR | E_PARSE);     // (E_WARNING | E_NOTICE)¤ò½ü³°¤·¤Æ¤¤¤Þ¤¹
//error_reporting(E_ALL);

/////////////////////////////////////////////////
// ½é´üÀßÄê (ʸ»ú¥¨¥ó¥³¡¼¥É¡¢¸À¸ì)
define('LANG','ja');    // Select 'ja' or 'en'
define('SOURCE_ENCODING','EUC-JP');

// mbstring extension ´ØÏ¢
mb_language('Japanese');
mb_internal_encoding(SOURCE_ENCODING);
ini_set('mbstring.http_input', 'pass');
mb_http_output('pass');
mb_detect_order('auto');

/////////////////////////////////////////////////
// ½é´üÀßÄê(ÀßÄê¥Õ¥¡¥¤¥ë¤Î¾ì½ê)
define('LANG_FILE', DATA_HOME . LANG . '.lng');
define('INI_FILE',  DATA_HOME . './pukiwiki.ini.php');

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥Ð¡¼¥¸¥ç¥ó/Ãøºî¸¢)
define('S_VERSION','1.4.3');
define('S_COPYRIGHT','
<strong>"PukiWiki" '.S_VERSION.'</strong> Copyright &copy; 2001-2004
<a href="http://pukiwiki.org">PukiWiki Developers Team</a>.
License is <a href="http://www.gnu.org/">GNU/GPL</a>.<br />
Based on "PukiWiki" 1.3 by <a href="http://factage.com/sng/">sng</a>
');

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥µ¡¼¥ÐÊÑ¿ô)
foreach (array('SCRIPT_NAME', 'SERVER_ADMIN', 'SERVER_NAME',
        'SERVER_PORT', 'SERVER_SOFTWARE') as $key) {
        define($key, isset($_SERVER[$key]) ? $_SERVER[$key] : '');
        unset(${$key}, $_SERVER[$key], $HTTP_SERVER_VARS[$key]);
}

/////////////////////////////////////////////////
// ½é´üÀßÄê (¥°¥í¡¼¥Ð¥ëÊÑ¿ô)

// µÓÃí
$foot_explain = array();
// ´ØÏ¢¤¹¤ë¥Ú¡¼¥¸
$related = array();
// <head>Æâ¤ËÄɲ乤륿¥°
$head_tags = array();

/////////////////////////////////////////////////
// ½é´üÀßÄê(»þ´Ö)
define('LOCALZONE',date('Z'));
define('UTIME',time() - LOCALZONE);
define('MUTIME',getmicrotime());

/////////////////////////////////////////////////
// ¥Õ¥¡¥¤¥ëÆɤ߹þ¤ß
$die = '';
foreach(array('LANG_FILE', 'INI_FILE') as $file){
        if (!file_exists(constant($file)) || !is_readable(constant($file))) {
                $die = "${die}File is not found. ($file)\n";
        } else {
                require(constant($file));
        }
}
if ($die) { die_message(nl2br("\n\n" . $die)); }

/////////////////////////////////////////////////
// INI_FILE: $script: ½é´üÀßÄê
if (!isset($script) or $script == '') {
        $script = get_script_uri();
        if ($script === FALSE or (php_sapi_name() == 'cgi' and !is_url($script,TRUE))) {
                die_message('get_script_uri() failed: Please set $script at INI_FILE manually.');
        }
}

/////////////////////////////////////////////////
// INI_FILE: $agents:  UserAgent¤Î¼±ÊÌ

$ua = 'HTTP_USER_AGENT';
$user_agent = $matches = array();

$user_agent['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
unset(${$ua}, $_SERVER[$ua], $HTTP_SERVER_VARS[$ua], $ua);      // safety

foreach ($agents as $agent) {
        if (preg_match($agent['pattern'], $user_agent['agent'], $matches)) {
                $user_agent['profile'] = isset($agent['profile']) ? $agent['profile'] : '';
                $user_agent['name']    = isset($matches[1]) ? $matches[1] : ''; // device or browser name
                $user_agent['vers']    = isset($matches[2]) ? $matches[2] : ''; // 's version
                break;
        }
}
unset($agents, $matches);

// Profile-related init and setting
define('UA_PROFILE', isset($user_agent['profile']) ? $user_agent['profile'] : '');

//// Not needed now
// define('INI_PRO_FILE', SUB_DIR . 'init.' . UA_PROFILE . '.php');
// if (file_exists(INI_PRO_FILE) && is_readable(INI_PRO_FILE)) {
//      require(INI_PRO_FILE);  // A chance to set or rewrite $user_agent['name'] and ['vers'] automatically
// }

define('UA_INI_FILE', UA_PROFILE . '.ini.php');
if (!file_exists(UA_INI_FILE) || !is_readable(UA_INI_FILE)) {
        die_message('UA_INI_FILE for "' . UA_PROFILE . '" not found.');
} else {
        require(UA_INI_FILE); // Also manually
}

define('UA_NAME', isset($user_agent['name']) ? $user_agent['name'] : '');
define('UA_VERS', isset($user_agent['vers']) ? $user_agent['vers'] : '');
unset($user_agent);     // Unset after reading UA_INI_FILE

/////////////////////////////////////////////////
// ¥Ç¥£¥ì¥¯¥È¥ê¤Î¥Á¥§¥Ã¥¯

$die = '';
foreach(array('DATA_DIR', 'DIFF_DIR', 'BACKUP_DIR', 'CACHE_DIR') as $dir){
        if(!is_writable(constant($dir))) {
                $die = "${die}Directory is not found or not writable ($dir)\n";
        }
}

// ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊÑ¿ô¥Á¥§¥Ã¥¯
$temp = '';
foreach(array('rss_max', 'page_title', 'note_hr', 'related_link', 'show_passage',
        'rule_related_str', 'load_template_func') as $var){
        if (!isset(${$var})) { $temp .= "\$$var\n"; }
}
if ($temp) {
        if ($die) { $die .= "\n"; }     // A breath
        $die = "${die}Variable(s) not found: (Maybe the old *.ini.php?)\n" . $temp;
}

$temp = '';
foreach(array('LANG', 'PLUGIN_DIR') as $def){
        if (!defined($def)) $temp .= "$def\n";
}
if ($temp) {
        if ($die) { $die .= "\n"; }     // A breath
        $die = "${die}Define(s) not found: (Maybe the old *.ini.php?)\n" . $temp;
}

if($die){ die_message(nl2br("\n\n" . $die)); }
unset($die, $temp);

/////////////////////////////////////////////////
// ɬ¿Ü¤Î¥Ú¡¼¥¸¤¬Â¸ºß¤·¤Ê¤±¤ì¤Ð¡¢¶õ¤Î¥Õ¥¡¥¤¥ë¤òºîÀ®¤¹¤ë

foreach(array($defaultpage, $whatsnew, $interwiki) as $page){
        if (!is_page($page)) { touch(get_filename($page)); }
}

/////////////////////////////////////////////////
// ³°Éô¤«¤é¤¯¤ëÊÑ¿ô¤ò¥Á¥§¥Ã¥¯

// Prohibit $_GET attack
foreach (array('msg', 'pass') as $key) {
        if (isset($_GET[$key])) die_message("Sorry, already reserved: $key=");
}

$_GET    = input_filter($_GET);    $get    = & $_GET;
$_POST   = input_filter($_POST);   $post   = & $_POST;
$_COOKIE = input_filter($_COOKIE); $cookie = & $_COOKIE;

// Expire risk
unset($HTTP_GET_VARS, $HTTP_POST_VARS); //, 'SERVER', 'ENV', 'SESSION', ...

/////////////////////////////////////////////////
// ʸ»ú¥³¡¼¥É¤òÊÑ´¹

// <form> ¤ÇÁ÷¿®¤µ¤ì¤¿Ê¸»ú (¥Ö¥é¥¦¥¶¤¬¥¨¥ó¥³¡¼¥É¤·¤¿¥Ç¡¼¥¿) ¤Î¥³¡¼¥É¤òÊÑ´¹
// post ¤Ï¾ï¤Ë <form> ¤Ê¤Î¤Ç¡¢É¬¤ºÊÑ´¹
if (isset($post['encode_hint']) && $post['encode_hint'] != '')
{
        // html.php ¤ÎÃæ¤Ç¡¢<form> ¤Ë encode_hint ¤ò»Å¹þ¤ó¤Ç¤¤¤ë¤Î¤Ç¡¢
        // encode_hint ¤òÍѤ¤¤Æ¥³¡¼¥É¸¡½Ð¤¹¤ë¡£
        // Á´ÂΤò¸«¤Æ¥³¡¼¥É¸¡½Ð¤¹¤ë¤È¡¢µ¡¼ï°Í¸ʸ»ú¤ä¡¢Ì¯¤Ê¥Ð¥¤¥Ê¥ê
        // ¥³¡¼¥É¤¬º®Æþ¤·¤¿¾ì¹ç¤Ë¡¢¥³¡¼¥É¸¡½Ð¤Ë¼ºÇÔ¤¹¤ë¶²¤ì¤¬¤¢¤ë¡£
        $encode = mb_detect_encoding($post['encode_hint']);
        mb_convert_variables(SOURCE_ENCODING, $encode, $post);
        mb_convert_variables(SOURCE_ENCODING, $encode, $vars);
}
else if (isset($post['charset']) && $post['charset'] != '')
{
        // TrackBack Ping¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ë
        // »ØÄꤵ¤ì¤¿¾ì¹ç¤Ï¡¢¤½¤ÎÆâÍƤÇÊÑ´¹¤ò»î¤ß¤ë
        // ¤¦¤Þ¤¯¤¤¤«¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¥³¡¼¥É¸¡½Ð¤ÎÀßÄê¤ÇÊÑ´¹¤·¤Ê¤ª¤·
        if (mb_convert_variables(SOURCE_ENCODING, $post['charset'], $post) !== $post['charset'])
                mb_convert_variables(SOURCE_ENCODING, 'auto', $post);

        if (mb_convert_variables(SOURCE_ENCODING, $vars['charset'], $vars) !== $vars['charset'])
                mb_convert_variables(SOURCE_ENCODING, 'auto', $vars);
}
else if (count($post) > 0)
{
        // ¥Ç¥Ð¥Ã¥°ÍѤˡ¢¼è¤ê¤¢¤¨¤º¡¢·Ù¹ð¥á¥Ã¥»¡¼¥¸¤ò½Ð¤·¤Æ¤ª¤­¤Þ¤¹¡£
        // echo "<p>Warning: 'encode_hint' field is not found in the posted data.</p>\n";

        // Á´Éô¤Þ¤È¤á¤Æ¡¢¥³¡¼¥É¸¡½Ð¡¢ÊÑ´¹
        mb_convert_variables(SOURCE_ENCODING, 'auto', $post);
        mb_convert_variables(SOURCE_ENCODING, 'auto', $vars);
}

// get ¤Ï <form> ¤«¤é¤Î¾ì¹ç¤È¡¢<a href="http;//script/?query> ¤Î¾ì¹ç¤¬¤¢¤ë
if (isset($get['encode_hint']) && $get['encode_hint'] != '')
{
        // <form> ¤Î¾ì¹ç¤Ï¡¢¥Ö¥é¥¦¥¶¤¬¥¨¥ó¥³¡¼¥É¤·¤Æ¤¤¤ë¤Î¤Ç¡¢¥³¡¼¥É¸¡½Ð¡¦ÊÑ´¹¤¬É¬Íס£
        // encode_hint ¤¬´Þ¤Þ¤ì¤Æ¤¤¤ë¤Ï¤º¤Ê¤Î¤Ç¡¢¤½¤ì¤ò¸«¤Æ¡¢¥³¡¼¥É¸¡½Ð¤·¤¿¸å¡¢ÊÑ´¹¤¹¤ë¡£
        // Íýͳ¤Ï¡¢post ¤ÈƱÍÍ
        $encode = mb_detect_encoding($get['encode_hint']);
        mb_convert_variables(SOURCE_ENCODING, $encode, $get);
}       
// <a href...> ¤Î¾ì¹ç¤Ï¡¢¥µ¡¼¥Ð¡¼¤¬ rawurlencode ¤·¤Æ¤¤¤ë¤Î¤Ç¡¢¥³¡¼¥ÉÊÑ´¹¤ÏÉÔÍ×

// QUERY_STRING¤ò¼èÆÀ
// cmd¤âplugin¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢QUERY_STRING¤ò¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹°Ù
// ¤Þ¤¿¡¢URI ¤ò urlencode ¤»¤º¤Ë¼êÂǤÁ¤ÇÆþÎϤ·¤¿¾ì¹ç¤ËÂн褹¤ë°Ù
$arg = '';
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) {
        $arg = $_SERVER['QUERY_STRING'];
} else if (isset($_SERVER['argv']) && count($_SERVER['argv'])) {
        $arg = $_SERVER['argv'][0];
}
// \0 ½üµî
$arg = input_filter($arg);

// unset QUERY_STRINGs
foreach (array('QUERY_STRING', 'argv', 'argc') as $key) {
        unset(${$key}, $_SERVER[$key], $HTTP_SERVER_VARS[$key]);
}
// $_SERVER['REQUEST_URI'] is used by func.php NOW
unset($REQUEST_URI, $HTTP_SERVER_VARS['REQUEST_URI']);

// URI ¼êÂǤξì¹ç¡¢¥³¡¼¥ÉÊÑ´¹¤·¡¢get[] ¤Ë¾å½ñ¤­
// mb_convert_variables¤Î¥Ð¥°(?)Âкö ÇÛÎó¤ÇÅϤµ¤Ê¤¤¤ÈÍî¤Á¤ë
$arg = array($arg);
mb_convert_variables(SOURCE_ENCODING, 'auto', $arg);
$arg = $arg[0];

$matches = array();
foreach (explode('&', $arg) as $tmp_string)
{
        if (preg_match('/^([^=]+)=(.+)/', $tmp_string, $matches)
                and mb_detect_encoding($matches[2]) != 'ASCII')
        {
                $get[$matches[1]] = $matches[2];
        }
}
unset($matches);

/////////////////////////////////////////////////
// GET + POST = $vars

$_REQUEST = input_filter($_REQUEST);
$vars = & $_REQUEST;

// ÆþÎÏ¥Á¥§¥Ã¥¯: cmd, plugin ¤Îʸ»úÎó¤Ï±Ñ¿ô»ú°Ê³°¤¢¤ê¤¨¤Ê¤¤
foreach(array('cmd', 'plugin') as $var){
        if (array_key_exists($var, $vars) &&
            ! preg_match('/^[a-zA-Z][a-zA-Z0-9_]*$/', $vars[$var])) {
                unset($get[$var], $post[$var], $vars[$var]);
        }
}

// À°·Á: page, strip_bracket()
if (array_key_exists('page', $vars)) {
        $get['page'] = $post['page'] = $vars['page']  = strip_bracket($vars['page']);
} else {
        $get['page'] = $post['page'] = $vars['page'] = '';
}

// À°·Á: msg, ²þ¹Ô¤ò¼è¤ê½ü¤¯
if (isset($vars['msg'])) {
        $get['msg'] = $post['msg'] = $vars['msg'] = str_replace("\r",'',$vars['msg']);
}

// ¸åÊý¸ß´¹À­ (?md5=...)
if (array_key_exists('md5', $vars) and $vars['md5'] != '') {
        $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'md5';
}

// TrackBack Ping
if (array_key_exists('tb_id', $vars) and $vars['tb_id'] != '') {
        $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'tb';
}

// cmd¤âplugin¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢QUERY_STRING¤ò¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹
if (!array_key_exists('cmd',$vars)  and !array_key_exists('plugin',$vars))
{
        if ($arg == '')
        {
                //¤Ê¤Ë¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï$defaultpage¤òɽ¼¨
                $arg = $defaultpage;
        }               
        $arg = rawurldecode($arg);
        $arg = strip_bracket($arg);
        $arg = input_filter($arg);

        $get['cmd']  = $post['cmd']  = $vars['cmd']  = 'read';
        $get['page'] = $post['page'] = $vars['page'] = $arg;
}

// ÆþÎÏ¥Á¥§¥Ã¥¯: 'cmd=' prohibits nasty 'plugin='
if (isset($vars['cmd']) && isset($vars['plugin']))
        unset($get['plugin'], $post['plugin'], $vars['plugin']);


/////////////////////////////////////////////////
// ½é´üÀßÄê($WikiName,$BracketName¤Ê¤É)
// $WikiName = '[A-Z][a-z]+(?:[A-Z][a-z]+)+';
// $WikiName = '\b[A-Z][a-z]+(?:[A-Z][a-z]+)+\b';
// $WikiName = '(?<![[:alnum:]])(?:[[:upper:]][[:lower:]]+){2,}(?![[:alnum:]])';
// $WikiName = '(?<!\w)(?:[A-Z][a-z]+){2,}(?!\w)';

// BugTrack/304»ÃÄêÂнè
$WikiName = '(?:[A-Z][a-z]+){2,}(?!\w)';

// $BracketName = ':?[^\s\]#&<>":]+:?';
$BracketName = '(?!\s):?[^\r\n\t\f\[\]<>#&":]+:?(?<!\s)';

// InterWiki
$InterWikiName = "(\[\[)?((?:(?!\s|:|\]\]).)+):(.+)(?(1)\]\])";

// Ãí¼á
$NotePattern = '/\(\(((?:(?>(?:(?!\(\()(?!\)\)(?:[^\)]|$)).)+)|(?R))*)\)\)/ex';

/////////////////////////////////////////////////
// ½é´üÀßÄê(¥æ¡¼¥¶ÄêµÁ¥ë¡¼¥ëÆɤ߹þ¤ß)
require(DATA_HOME . 'rules.ini.php');

/////////////////////////////////////////////////
// ½é´üÀßÄê(¤½¤Î¾¤Î¥°¥í¡¼¥Ð¥ëÊÑ¿ô)

// ¸½ºß»þ¹ï
$now = format_date(UTIME);

// skinÆâ¤ÇDTDÀë¸À¤òÀÚ¤êÂؤ¨¤ë¤Î¤Ë»ÈÍÑ¡£paint.inc.phpÂкö
$html_transitional = FALSE;
// FALSE:XHTML 1.1
// TRUE :XHTML 1.0 Transitional

// ¥Õ¥§¥¤¥¹¥Þ¡¼¥¯¤ò$line_rules¤Ë²Ã¤¨¤ë
if ($usefacemark) { $line_rules += $facemark_rules; }
unset($facemark_rules);

// ¼ÂÂλ²¾È¥Ñ¥¿¡¼¥ó¤ª¤è¤Ó¥·¥¹¥Æ¥à¤Ç»ÈÍѤ¹¤ë¥Ñ¥¿¡¼¥ó¤ò$line_rules¤Ë²Ã¤¨¤ë
//$entity_pattern = '[a-zA-Z0-9]{2,8}';
$entity_pattern = trim(join('',file(CACHE_DIR.'entities.dat')));

$line_rules = array_merge(array(
        '&amp;(#[0-9]+|#x[0-9a-f]+|' . $entity_pattern . ');' => '&$1;',
        "\r"          => "<br />\n",    /* ¹ÔËö¤Ë¥Á¥ë¥À¤Ï²þ¹Ô */
        '#related$'   => '<del>#related</del>',
        '^#contents$' => '<del>#contents</del>'
), $line_rules);

?>