Fix uninitialized variable access

[pukiwiki/pukiwiki.git] / lib / make_link.php

diff --git a/lib/make_link.php b/lib/make_link.php
index b18b9a6..a83b45f 100644 (file)
--- a/lib/make_link.php
+++ b/lib/make_link.php
@@ -1,8 +1,8 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: make_link.php,v 1.30 2005/12/10 07:57:30 henoheno Exp $
-// Copyright (C)
-//   2003-2005 PukiWiki Developers Team
+// make_link.php
+// Copyright
+//   2003-2016 PukiWiki Development Team
 //   2001-2002 Originally written by yu-ji
 // License: GPL v2 or (at your option) any later version
 //
@@ -95,7 +95,7 @@ class InlineConverter
                $string = preg_replace_callback('/' . $this->pattern . '/x',
                        array(& $this, 'replace'), $string);
 
-               $arr = explode("\x08", make_line_rules(htmlspecialchars($string)));
+               $arr = explode("\x08", make_line_rules(htmlsc($string)));
                $retval = '';
                while (! empty($arr)) {
                        $retval .= array_shift($arr) . array_shift($this->result);
@@ -108,7 +108,7 @@ class InlineConverter
                $obj = $this->get_converter($arr);
 
                $this->result[] = ($obj !== NULL && $obj->set($arr, $this->page) !== FALSE) ?
-                       $obj->toString() : make_line_rules(htmlspecialchars($arr[0]));
+                       $obj->toString() : make_line_rules(htmlsc($arr[0]));
 
                return "\x08"; // Add a mark into latest processed part
        }
@@ -187,7 +187,7 @@ class Link
                $this->type = $type;
                if (! PKWK_DISABLE_INLINE_IMAGE_FROM_URI &&
                        is_url($alias) && preg_match('/\.(gif|png|jpe?g)$/i', $alias)) {
-                       $alias = '<img src="' . htmlspecialchars($alias) . '" alt="' . $name . '" />';
+                       $alias = '<img src="' . htmlsc($alias) . '" alt="' . $name . '" />';
                } else if ($alias != '') {
                        if ($converter === NULL)
                                $converter = new InlineConverter(array('plugin'));
@@ -270,7 +270,7 @@ EOD;
                } else {
                        // No such plugin, or Failed
                        $body = (($body == '') ? '' : '{' . $body . '}') . ';';
-                       return make_line_rules(htmlspecialchars('&' . $this->plain) . $body);
+                       return make_line_rules(htmlsc('&' . $this->plain) . $body);
                }
        }
 }
@@ -287,7 +287,7 @@ class Link_note extends Link
        {
                return <<<EOD
 \(\(
- ((?:(?R)|(?!\)\)).)*) # (1) note body
+ ((?>(?=\(\()(?R)|(?!\)\)).)*) # (1) note body
 \)\)
 EOD;
        }
@@ -307,7 +307,7 @@ EOD;
                if (PKWK_ALLOW_RELATIVE_FOOTNOTE_ANCHOR) {
                        $script = '';
                } else {
-                       $script = get_script_uri() . '?' . rawurlencode($page);
+                       $script = get_script_uri() . '?' . pagename_urlencode($page);
                }
 
                $id   = ++$note_id;
@@ -355,11 +355,12 @@ class Link_url extends Link
        {
                $s1 = $this->start + 1;
                return <<<EOD
-(\[\[             # (1) open bracket
- ((?:(?!\]\]).)+) # (2) alias
+((?:\[\[))?       # (1) open bracket
+((?($s1)          # (2) alias
+((?:(?!\]\]).)+)  # (3) alias name
  (?:>|:)
-)?
-(                 # (3) url
+))?
+(                 # (4) url
  (?:(?:https?|ftp|news):\/\/|mailto:)[\w\/\@\$()!?&%#:;.,~'=*+-]+
 )
 (?($s1)\]\])      # close bracket
@@ -368,13 +369,13 @@ EOD;
 
        function get_count()
        {
-               return 3;
+               return 4;
        }
 
        function set($arr, $page)
        {
-               list(, , $alias, $name) = $this->splice($arr);
-               return parent::setParam($page, htmlspecialchars($name),
+               list(, , , $alias, $name) = $this->splice($arr);
+               return parent::setParam($page, htmlsc($name),
                        '', 'url', $alias == '' ? $name : $alias);
        }
 
@@ -418,7 +419,7 @@ EOD;
        function set($arr, $page)
        {
                list(, $name, $alias) = $this->splice($arr);
-               return parent::setParam($page, htmlspecialchars($name), '', 'url', $alias);
+               return parent::setParam($page, htmlsc($name), '', 'url', $alias);
        }
 
        function toString()
@@ -519,12 +520,12 @@ EOD;
 
                $url = get_interwiki_url($name, $this->param);
                $this->url = ($url === FALSE) ?
-                       $script . '?' . rawurlencode('[[' . $name . ':' . $this->param . ']]') :
-                       htmlspecialchars($url);
+                       $script . '?' . pagename_urlencode('[[' . $name . ':' . $this->param . ']]') :
+                       htmlsc($url);
 
                return parent::setParam(
                        $page,
-                       htmlspecialchars($name . ':' . $this->param),
+                       htmlsc($name . ':' . $this->param),
                        '',
                        'InterWikiName',
                        $alias == '' ? $name . ':' . $this->param : $alias
@@ -708,15 +709,15 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $isautolin
 {
        global $script, $vars, $link_compact, $related, $_symbol_noexists;
 
-       $s_page = htmlspecialchars(strip_bracket($page));
+       $s_page = htmlsc(strip_bracket($page));
        $s_alias = ($alias == '') ? $s_page : $alias;
 
        if ($page == '') return '<a href="' . $anchor . '">' . $s_alias . '</a>';
 
-       $r_page  = rawurlencode($page);
+       $r_page  = pagename_urlencode($page);
        $r_refer = ($refer == '') ? '' : '&amp;refer=' . rawurlencode($refer);
 
-       if (! isset($related[$page]) && $page != $vars['page'] && is_page($page))
+       if (! isset($related[$page]) && $page !== $vars['page'] && is_page($page))
                $related[$page] = get_filetime($page);
 
        if ($isautolink || is_page($page)) {
@@ -836,7 +837,12 @@ function get_interwiki_url($name, $param)
                if (isset($encode_aliases[$opt])) $opt = & $encode_aliases[$opt];
 
                // Encoding conversion into specified encode, and URLencode
-               $param = rawurlencode(mb_convert_encoding($param, $opt, SOURCE_ENCODING));
+               if (strpos($url, '$1') === FALSE && substr($url, -1) === '?') {
+                       // PukiWiki site
+                       $param = pagename_urlencode(mb_convert_encoding($param, $opt, SOURCE_ENCODING));
+               } else {
+                       $param = rawurlencode(mb_convert_encoding($param, $opt, SOURCE_ENCODING));
+               }
        }
 
        // Replace or Add the parameter
@@ -851,4 +857,3 @@ function get_interwiki_url($name, $param)
 
        return $url;
 }
-?>