htmlsc(): Just sugar for htmlspecialchars(), and a foundation

[pukiwiki/pukiwiki.git] / lib / pukiwiki.php

diff --git a/lib/pukiwiki.php b/lib/pukiwiki.php
index 168b41d..b4c4e16 100644 (file)
--- a/lib/pukiwiki.php
+++ b/lib/pukiwiki.php
@@ -1,14 +1,14 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: pukiwiki.php,v 1.9 2005/06/27 14:12:11 henoheno Exp $
+// $Id: pukiwiki.php,v 1.23 2011/01/25 15:01:01 henoheno Exp $
 //
 // PukiWiki 1.4.*
-//  Copyright (C) 2002-2005 by PukiWiki Developers Team
-//  http://pukiwiki.org/
+//  Copyright (C) 2002-2007 by PukiWiki Developers Team
+//  http://pukiwiki.sourceforge.jp/
 //
 // PukiWiki 1.3.*
 //  Copyright (C) 2002-2004 by PukiWiki Developers Team
-//  http://pukiwiki.org/
+//  http://pukiwiki.sourceforge.jp/
 //
 // PukiWiki 1.3 (Base)
 //  Copyright (C) 2001-2002 by yu-ji <sng@factage.com>
@@ -48,55 +48,109 @@ require(LIB_DIR . 'config.php');
 require(LIB_DIR . 'link.php');
 require(LIB_DIR . 'auth.php');
 require(LIB_DIR . 'proxy.php');
-require(LIB_DIR . 'mail.php');
 if (! extension_loaded('mbstring')) {
        require(LIB_DIR . 'mbstring.php');
 }
 
+// Defaults
+$notify = 0;
+
 // Load *.ini.php files and init PukiWiki
 require(LIB_DIR . 'init.php');
 
 // Load optional libraries
-if ($trackback || $referer) {
-       // Referer functionality uses trackback functions
-       // without functional reason now
-       require(LIB_DIR . 'trackback.php');
+if ($notify) {
+       require(LIB_DIR . 'mail.php'); // Mail notification
 }
 
 /////////////////////////////////////////////////
 // Main
 
 $retvars = array();
-$is_cmd = FALSE;
+$page  = isset($vars['page'])  ? $vars['page']  : '';
+$refer = isset($vars['refer']) ? $vars['refer'] : '';
+
 if (isset($vars['cmd'])) {
-       $is_cmd  = TRUE;
        $plugin = & $vars['cmd'];
 } else if (isset($vars['plugin'])) {
        $plugin = & $vars['plugin'];
 } else {
        $plugin = '';
 }
+
+// Spam filtering
+if ($spam && $method != 'GET') {
+       // Adjustment
+       $_spam   = ! empty($spam);
+       $_plugin = strtolower($plugin);
+       $_ignore = array();
+
+       switch ($_plugin) {
+               case 'search': $_spam = FALSE; break;
+               case 'edit':
+                       $_page = & $page;
+                       if (isset($vars['add']) && $vars['add']) {
+                               $_plugin = 'add';
+                       } else {
+                               $_ignore[] = 'original';
+                       }
+                       break;
+               case 'bugtrack': $_page = & $vars['base'];  break;
+               case 'tracker':  $_page = & $vars['_base']; break;
+               case 'read':     $_page = & $page;  break;
+               default: $_page = & $refer; break;
+       }
+
+       if ($_spam) {
+               require(LIB_DIR . 'spam.php');
+
+               if (isset($spam['method'][$_plugin])) {
+                       $_method = & $spam['method'][$_plugin];
+               } else if (isset($spam['method']['_default'])) {
+                       $_method = & $spam['method']['_default'];
+               } else {
+                       $_method = array();
+               }
+               $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : '';
+
+               // Hack: ignorance several keys
+               if ($_ignore) {
+                       $_vars = array();
+                       foreach($vars as $key => $value) {
+                               $_vars[$key] = & $vars[$key];
+                       }
+                       foreach($_ignore as $key) {
+                               unset($_vars[$key]);
+                       }
+               } else {
+                       $_vars = & $vars;
+               }
+
+               pkwk_spamfilter($method . ' to #' . $_plugin, $_page, $_vars, $_method, $exitmode);
+       }
+}
+
+// Plugin execution
 if ($plugin != '') {
        if (exist_plugin_action($plugin)) {
-               // Found and exec
                $retvars = do_plugin_action($plugin);
                if ($retvars === FALSE) exit; // Done
 
-               if ($is_cmd) {
+               // Rescan $vars (Some plugins rewrite it)
+               if (isset($vars['cmd'])) {
                        $base = isset($vars['page'])  ? $vars['page']  : '';
                } else {
                        $base = isset($vars['refer']) ? $vars['refer'] : '';
                }
        } else {
-               // Not found
-               $msg = 'plugin=' . htmlspecialchars($plugin) .
-                       ' is not implemented.';
+               $msg = 'plugin=' . htmlsc($plugin) . ' is not implemented.';
                $retvars = array('msg'=>$msg,'body'=>$msg);
                $base    = & $defaultpage;
        }
 }
 
-$title = htmlspecialchars(strip_bracket($base));
+// Page output
+$title = htmlsc(strip_bracket($base));
 $page  = make_search($base);
 if (isset($retvars['msg']) && $retvars['msg'] != '') {
        $title = str_replace('$1', $title, $retvars['msg']);
@@ -108,7 +162,7 @@ if (isset($retvars['body']) && $retvars['body'] != '') {
 } else {
        if ($base == '' || ! is_page($base)) {
                $base  = & $defaultpage;
-               $title = htmlspecialchars(strip_bracket($base));
+               $title = htmlsc(strip_bracket($base));
                $page  = make_search($base);
        }
 
@@ -116,9 +170,6 @@ if (isset($retvars['body']) && $retvars['body'] != '') {
        $vars['page'] = & $base;
 
        $body  = convert_html(get_source($base));
-
-       if ($trackback) $body .= tb_get_rdf($base); // Add TrackBack-Ping URI
-       if ($referer) ref_save($base);
 }
 
 // Output