<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: edit.inc.php,v 1.36 2005/06/30 12:52:57 henoheno Exp $
+// $Id: edit.inc.php,v 1.49 2011/01/25 15:01:01 henoheno Exp $
+// Copyright (C) 2001-2007 PukiWiki Developers Team
+// License: GPL v2 or (at your option) any later version
//
-// Edit plugin
-// cmd=edit
+// Edit plugin (cmd=edit)
// Remove #freeze written by hand
define('PLUGIN_EDIT_FREEZE_REGEX', '/^(?:#freeze(?!\w)\s*)+/im');
}
}
- $body = "$_msg_preview<br />\n";
+ $body = $_msg_preview . '<br />' . "\n";
if ($postdata == '')
- $body .= "<strong>$_msg_preview_delete</strong>";
- $body .= "<br />\n";
+ $body .= '<strong>' . $_msg_preview_delete . '</strong>';
+ $body .= '<br />' . "\n";
if ($postdata) {
$postdata = make_str_rules($postdata);
// Arguments
$args = func_get_args();
- $s_label = strip_autolink(array_pop($args)); // {label}
+
+ // {label}. Strip anchor tags only
+ $s_label = strip_htmltag(array_pop($args), FALSE);
+
$page = array_shift($args);
- if($page == NULL) $page = '';
+ if ($page == NULL) $page = '';
$_noicon = $_nolabel = FALSE;
foreach($args as $arg){
- switch($arg){
- case '': break;
+ switch(strtolower($arg)){
+ case '' : break;
case 'nolabel': $_nolabel = TRUE; break;
- case 'noicon': $_noicon = TRUE; break;
- default: return $usage;
+ case 'noicon' : $_noicon = TRUE; break;
+ default : return $usage;
}
}
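Review bot: The label assigned by `$s_label = strip_htmltag(array_pop($args), FALSE);` now has only anchor tags removed, so any other markup in the last argument reaches the output unchanged. That is safe only if the caller always supplies already-converted, escaped inline body there, which this hunk does not show. I would state the assumption next to the call, e.g. `// {label} is expected to be already-escaped HTML; only anchor tags are stripped here`. The enclosing function starts and ends outside the hunk.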
// Separate a page-name and a fixed anchor
list($s_page, $id, $editable) = anchor_explode($page, TRUE);
+
// Default: This one
if ($s_page == '') $s_page = isset($vars['page']) ? $vars['page'] : '';
+
// $s_page fixed
$isfreeze = is_freeze($s_page);
$ispage = is_page($s_page);
// Paragraph edit enabled or not
- $short = htmlspecialchars('Edit');
+ $short = htmlsc('Edit');
if ($fixed_heading_anchor_edit && $editable && $ispage && ! $isfreeze) {
// Paragraph editing
$id = rawurlencode($id);
- $title = htmlspecialchars(sprintf('Edit %s', $page));
+ $title = htmlsc(sprintf('Edit %s', $page));
$icon = '<img src="' . IMAGE_DIR . 'paraedit.png' .
'" width="9" height="9" alt="' .
$short . '" title="' . $title . '" /> ';
$title = 'Edit %s';
$icon = 'edit.png';
}
- $title = htmlspecialchars(sprintf($title, $s_page));
+ $title = htmlsc(sprintf($title, $s_page));
$icon = '<img src="' . IMAGE_DIR . $icon .
'" width="20" height="20" alt="' .
$short . '" title="' . $title . '" />';
if ($isfreeze) {
$url = $script . '?cmd=unfreeze&page=' . rawurlencode($s_page);
} else {
- if ($id != '') {
- $s_id = '&id=' . $id;
- } else {
- $s_id = '';
- }
+ $s_id = ($id == '') ? '' : '&id=' . $id;
$url = $script . '?cmd=edit&page=' . rawurlencode($s_page) . $s_id;
}
$atag = '<a' . $class . ' href="' . $url . '" title="' . $title . '">';
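Review bot: `$url` is written into the `href` attribute on the `$atag` line without HTML escaping, although it carries raw `&` separators from `'?cmd=edit&page='` and the new `'&id=' . $id`. `$title` next to it goes through `htmlsc()`, so for consistent attribute encoding I would write `$atag = '<a' . $class . ' href="' . htmlsc($url) . '" title="' . $title . '">';`. `$id` is passed through `rawurlencode()` only in the paragraph-editing branch; whether it can be non-empty on the other path is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.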
// Write, add, or insert new comment
function plugin_edit_write()
{
- global $vars, $trackback;
+ global $vars;
global $_title_collided, $_msg_collided_auto, $_msg_collided, $_title_deleted;
- global $notimeupdate, $_msg_invalidpass;
+ global $notimeupdate, $_msg_invalidpass, $do_update_diff_table;
- $page = isset($vars['page']) ? $vars['page'] : '';
- $retvars = array();
+ $page = isset($vars['page']) ? $vars['page'] : '';
+ $add = isset($vars['add']) ? $vars['add'] : '';
+ $digest = isset($vars['digest']) ? $vars['digest'] : '';
- $vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX,'',$vars['msg']);
- $postdata = $postdata_input = $vars['msg'];
+ $vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', $vars['msg']);
+ $msg = & $vars['msg']; // Reference
- if (isset($vars['add']) && $vars['add']) {
- if (isset($vars['add_top']) && $vars['add_top']) {
- $postdata = $postdata . "\n\n" . @join('', get_source($page));
- } else {
- $postdata = @join('', get_source($page)) . "\n\n" . $postdata;
- }
- }
+ $retvars = array();
+ // Collision Detection
$oldpagesrc = join('', get_source($page));
$oldpagemd5 = md5($oldpagesrc);
+ if ($digest !== $oldpagemd5) {
+ $vars['digest'] = $oldpagemd5; // Reset
- if (! isset($vars['digest']) || $vars['digest'] != $oldpagemd5) {
- $vars['digest'] = $oldpagemd5;
-
- $retvars['msg'] = $_title_collided;
- list($postdata_input, $auto) = do_update_diff($oldpagesrc, $postdata_input, $vars['original']);
+ $original = isset($vars['original']) ? $vars['original'] : '';
+ list($postdata_input, $auto) = do_update_diff($oldpagesrc, $msg, $original);
+ $retvars['msg' ] = $_title_collided;
$retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
+ $retvars['body'] .= $do_update_diff_table;
+ $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
+ return $retvars;
+ }
- if (TRUE) {
- global $do_update_diff_table;
- $retvars['body'] .= $do_update_diff_table;
+ // Action?
+ if ($add) {
+ // Add
+ if (isset($vars['add_top']) && $vars['add_top']) {
+ $postdata = $msg . "\n\n" . @join('', get_source($page));
+ } else {
+ $postdata = @join('', get_source($page)) . "\n\n" . $msg;
}
+ } else {
+ // Edit or Remove
+ $postdata = & $msg; // Reference
+ }
- $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
+ // NULL POSTING, OR removing existing page
+ if ($postdata == '') {
+ page_write($page, $postdata);
+ $retvars['msg' ] = $_title_deleted;
+ $retvars['body'] = str_replace('$1', htmlsc($page), $_title_deleted);
+ return $retvars;
}
- else {
- if ($postdata) {
- $notimestamp = ($notimeupdate != 0) && (isset($vars['notimestamp']) && $vars['notimestamp'] != '');
- if($notimestamp && ($notimeupdate == 2) && !pkwk_login($vars['pass'])) {
- // enable only administrator & password error
- $retvars['body'] = "<p><strong>$_msg_invalidpass</strong></p>\n";
- $retvars['body'] .= edit_form($page, $vars['msg'], $vars['digest'], FALSE);
- } else {
- page_write($page, $postdata, $notimestamp);
- pkwk_headers_sent();
- header('Location: ' . get_script_uri() . '?' . rawurlencode($page));
- exit;
- }
- } else {
- page_write($page, $postdata);
- $retvars['msg'] = $_title_deleted;
- $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
- if ($trackback) tb_delete($page);
- }
+ // $notimeupdate: Checkbox 'Do not change timestamp'
+ $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';
+ if ($notimeupdate > 1 && $notimestamp && ! pkwk_login($vars['pass'])) {
+ // Enable only administrator & password error
+ $retvars['body'] = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
+ $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
+ return $retvars;
}
- return $retvars;
+ page_write($page, $postdata, $notimeupdate != 0 && $notimestamp);
+ pkwk_headers_sent();
+ header('Location: ' . get_script_uri() . '?' . rawurlencode($page));
+ exit;
}
// Cancel (Back to the page / Escape edit page)
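Review bot: In `plugin_edit_write()` the new code guards `page`, `add`, `digest` and `original` with `isset()`, but still reads `$vars['msg']` in the `preg_replace()` call and `$vars['pass']` in `pkwk_login($vars['pass'])` unguarded. This matters for `msg`: a missing value, or the `NULL` that `preg_replace()` returns on a PCRE error, compares equal to `''` in `if ($postdata == '')`. Once the digest matches, that reaches `page_write($page, $postdata)` in the removal branch, so a malformed request is handled as a page deletion. I would reject that case before the collision check with a test such as `if (! isset($vars['msg']) || ! is_string($vars['msg']))`, and check the `preg_replace()` result with `=== NULL` separately. For the password, read it as `$pass = isset($vars['pass']) ? $vars['pass'] : '';`.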