<?php
-// $Id: insert.inc.php,v 1.12 2005/01/23 07:34:39 henoheno Exp $
+// $Id: insert.inc.php,v 1.16 2011/01/25 15:01:01 henoheno Exp $
//
// Text inserting box plugin
global $script, $vars, $cols, $rows;
global $_title_collided, $_msg_collided, $_title_updated;
+ if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
if (! isset($vars['msg']) || $vars['msg'] == '') return;
$vars['msg'] = preg_replace('/' . "\r" . '/', '', $vars['msg']);
$body = '';
if (md5(@join('', get_source($vars['refer']))) != $vars['digest']) {
$title = $_title_collided;
- $body = $_msg_collided . "\n";
+ $body = $_msg_collided . "\n";
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body .= <<<EOD
<form action="$script?cmd=preview" method="post">
global $_btn_insert;
static $numbers = array();
+ if (PKWK_READONLY) return ''; // Show nothing
+
if (! isset($numbers[$vars['page']])) $numbers[$vars['page']] = 0;
$insert_no = $numbers[$vars['page']]++;
- $s_page = htmlspecialchars($vars['page']);
- $s_digest = htmlspecialchars($digest);
- $s_cols = INSERT_COLS;
- $s_rows = INSERT_ROWS;
- $string = <<<EOD
+ $s_page = htmlsc($vars['page']);
+ $s_digest = htmlsc($digest);
+ $s_cols = INSERT_COLS;
+ $s_rows = INSERT_ROWS;
+ $string = <<<EOD
<form action="$script" method="post">
<div>
<input type="hidden" name="insert_no" value="$insert_no" />
OSDN Git Service
