
BugTrack/2265 Enable edit_auth for bugtrack and tracker plugin
[pukiwiki/pukiwiki.git] / plugin / paint.inc.php
index 5062abf..9a5df30 100644 (file)
 <?php
-/*
-Last-Update:2002-10-30 rev.20
-
-*¥×¥é¥°¥¤¥ó paint
-³¨¤òÉÁ¤¯
-
-*Usage
- #paint(width,height)
-
-*¥Ñ¥é¥á¡¼¥¿
--width,height~
- ¥­¥ã¥ó¥Ð¥¹¤ÎÉý¤È¹â¤µ
+// PukiWiki - Yet another WikiWikiWeb clone
+// paint.inc.php
+// Copyright 2002-2017 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
+//
+// Paint plugin
 
-*/
+/*
+ * Usage
+ *  #paint(width,height)
+ * パラメータ
+ *  キャンバスの幅と高さ
+ */
 
-// upload dir(must set end of /) attach.inc.php¤È¹ç¤ï¤»¤ë
-define('PAINT_UPLOAD_DIR','./attach/');
-//
-// ÁÞÆþ¤¹¤ë°ÌÃÖ 1:Íó¤ÎÁ° 0:Íó¤Î¸å
+// 挿入する位置 1:欄の前 0:欄の後
 define('PAINT_INSERT_INS',0);
-//
-// ¥Ç¥Õ¥©¥ë¥È¤ÎÉÁ²èÎΰè¤ÎÉý¤È¹â¤µ
+
+// デフォルトの描画領域の幅と高さ
 define('PAINT_DEFAULT_WIDTH',80);
 define('PAINT_DEFAULT_HEIGHT',60);
-//
-// ÉÁ²èÎΰè¤ÎÉý¤È¹â¤µ¤ÎÀ©¸ÂÃÍ
+
+// 描画領域の幅と高さの制限値
 define('PAINT_MAX_WIDTH',320);
 define('PAINT_MAX_HEIGHT',240);
-//
-// ¥¢¥×¥ì¥Ã¥ÈÎΰè¤ÎÉý¤È¹â¤µ 50x50̤Ëþ¤ÇÊÌ¥¦¥¤¥ó¥É¥¦¤¬³«¤¯
+
+// アプレット領域の幅と高さ 50x50未満で別ウインドウが開く
 define('PAINT_APPLET_WIDTH',800);
 define('PAINT_APPLET_HEIGHT',300);
-//
-//¥³¥á¥ó¥È¤ÎÁÞÆþ¥Õ¥©¡¼¥Þ¥Ã¥È
-define('PAINT_FORMAT_NAME','[[%s]]');
-define('PAINT_FORMAT_MSG','%s');
-define('PAINT_FORMAT_DATE','SIZE(10){%s}');
-//¥á¥Ã¥»¡¼¥¸¤¬¤¢¤ë¾ì¹ç
-define('PAINT_FORMAT',"\x08MSG\x08 -- \x08NAME\x08 \x08DATE\x08");
-//¥á¥Ã¥»¡¼¥¸¤¬¤Ê¤¤¾ì¹ç
-define('PAINT_FORMAT_NOMSG',"\x08NAME\x08 \x08DATE\x08"); 
-
-function plugin_paint_init()
-{
-       $messages = array('_paint_messages'=>array(
-               'field_name'    => '¤ªÌ¾Á°',
-               'field_filename'=> '¥Õ¥¡¥¤¥ë̾',
-               'field_comment' => '¥³¥á¥ó¥È',
-               'btn_submit'    => 'paint',
-               'msg_max'       => '(ºÇÂç %d x %d)',
-               'msg_title'     => 'Paint and Attach to $1',
-               'msg_title_collided' => '$1 ¤Ç¡Ú¹¹¿·¤Î¾×ÆÍ¡Û¤¬µ¯¤­¤Þ¤·¤¿',
-               'msg_collided'  => '¤¢¤Ê¤¿¤¬²èÁü¤òÊÔ½¸¤·¤Æ¤¤¤ë´Ö¤Ë¡¢Â¾¤Î¿Í¤¬Æ±¤¸¥Ú¡¼¥¸¤ò¹¹¿·¤·¤Æ¤·¤Þ¤Ã¤¿¤è¤¦¤Ç¤¹¡£<br />
-²èÁü¤È¥³¥á¥ó¥È¤òÄɲä·¤Þ¤·¤¿¤¬¡¢°ã¤¦°ÌÃÖ¤ËÁÞÆþ¤µ¤ì¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£<br />',
-       ));
-  set_plugin_messages($messages);
-}
+
+//コメントの挿入フォーマット
+define('PAINT_NAME_FORMAT','[[$name]]');
+define('PAINT_MSG_FORMAT','$msg');
+define('PAINT_NOW_FORMAT','&new{$now};');
+//メッセージがある場合
+define('PAINT_FORMAT',"\x08MSG\x08 -- \x08NAME\x08 \x08NOW\x08");
+//メッセージがない場合
+define('PAINT_FORMAT_NOMSG',"\x08NAME\x08 \x08NOW\x08");
+
 function plugin_paint_action()
 {
-       global $script,$vars,$HTTP_POST_FILES;
-       global $_paint_messages;
-       global $html_transitional;
+       global $vars, $_paint_messages;
+
+       $script = get_base_uri();
+       if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
        
-       //Ìá¤êÃͤò½é´ü²½
+       //戻り値を初期化
        $retval['msg'] = $_paint_messages['msg_title'];
        $retval['body'] = '';
-       
-       if (array_key_exists('attach_file',$HTTP_POST_FILES) and is_uploaded_file($HTTP_POST_FILES['attach_file']['tmp_name'])) {
-               //BBSPaiter.jar¤Ï¡¢shift-jis¤ÇÆâÍƤòÁ÷¤Ã¤Æ¤¯¤ë¡£ÌÌÅݤʤΤǥڡ¼¥¸Ì¾¤Ï¥¨¥ó¥³¡¼¥É¤·¤Æ¤«¤éÁ÷¿®¤µ¤»¤ë¤è¤¦¤Ë¤·¤¿¡£
+
+       if (array_key_exists('attach_file',$_FILES)
+               and array_key_exists('refer',$vars))
+       {
+               $file = $_FILES['attach_file'];
+               //BBSPaiter.jarは、shift-jisで内容を送ってくる。面倒なのでページ名はエンコードしてから送信させるようにした。
                $vars['page'] = $vars['refer'] = decode($vars['refer']);
-               
+
                $filename = $vars['filename'];
-               if (function_exists('mb_convert_encoding'))
-                       $filename = mb_convert_encoding($filename,ENCODING,'auto');
-               
-               //¥Õ¥¡¥¤¥ë̾ÃÖ´¹
-               $attachname = preg_replace('/^[^\.]+/', $filename, $HTTP_POST_FILES['attach_file']['name']);
-               //¤¹¤Ç¤Ë¸ºß¤·¤¿¾ì¹ç¡¢ ¥Õ¥¡¥¤¥ë̾¤Ë'_0','_1',...¤òÉÕ¤±¤Æ²óÈò(¸È©)
+               $filename = mb_convert_encoding($filename,SOURCE_ENCODING,'auto');
+
+               //ファイル名置換
+               $attachname = preg_replace('/^[^\.]+/',$filename,$file['name']);
+               //すでに存在した場合、 ファイル名に'_0','_1',...を付けて回避(姑息)
                $count = '_0';
-               while (file_exists(PAINT_UPLOAD_DIR.encode($vars['refer']).'_'.encode($attachname))) {
-                       $attachname = preg_replace('/^[^\.]+/', $filename.$count++, $HTTP_POST_FILES['attach_file']['name']);
+               while (file_exists(UPLOAD_DIR.encode($vars['refer']).'_'.encode($attachname)))
+               {
+                       $attachname = preg_replace('/^[^\.]+/',$filename.$count++,$file['name']);
+               }
+
+               $file['name'] = $attachname;
+
+               if (!exist_plugin('attach') or !function_exists('attach_upload'))
+               {
+                       return array('msg'=>'attach.inc.php not found or not correct version.');
+               }
+
+               $retval = attach_upload($file,$vars['refer'],TRUE);
+               if ($retval['result'] == TRUE)
+               {
+                       $retval = paint_insert_ref($file['name']);
                }
-               
-               $HTTP_POST_FILES['attach_file']['name'] = $attachname;
-               
-               $retval = do_plugin_action('attach');
-               $retval = insert_ref($HTTP_POST_FILES['attach_file']['name']);
        }
-       else {
+       else
+       {
                $message = '';
-               if (!function_exists('mb_convert_encoding')) {
-                       $message = 'cannot use KANJI in filename.';
-               }
-               
-               $r_refer = $s_refer = '';
-               if (array_key_exists('refer',$vars)) {
-                       $r_refer = rawurlencode($vars['refer']);
-                       $s_refer = htmlspecialchars($vars['refer']);
+               $page_uri = get_base_uri();
+               if (array_key_exists('refer',$vars))
+               {
+                       $page_uri = get_page_uri($vars['refer']);
+                       $s_refer = htmlsc($vars['refer']);
                }
-               $link = "<p><a href=\"$script?$r_refer\">$s_refer</a></p>";;
-               
+               $link = "<p><a href=\"$page_uri\">$s_refer</a></p>";;
+
                $w = PAINT_APPLET_WIDTH;
                $h = PAINT_APPLET_HEIGHT;
-               
-               //XSSÀȼåÀ­ÌäÂê - ³°Éô¤«¤éÍ褿ÊÑ¿ô¤ò¥¨¥¹¥±¡¼¥×
+
+               //ウインドウモード :)
+               if ($w < 50 and $h < 50)
+               {
+                       $w = $h = 0;
+                       $retval['msg'] = '';
+                       $vars['page'] = $vars['refer'];
+                       $vars['cmd'] = 'read';
+                       $retval['body'] = convert_html(get_source($vars['refer']));
+                       $link = '';
+               }
+
+               //XSS脆弱性問題 - 外部から来た変数をエスケープ
                $width = empty($vars['width']) ? PAINT_DEFAULT_WIDTH : $vars['width'];
                $height = empty($vars['height']) ? PAINT_DEFAULT_HEIGHT : $vars['height'];
                $f_w = (is_numeric($width) and $width > 0) ? $width : PAINT_DEFAULT_WIDTH;
                $f_h = (is_numeric($height) and $height > 0) ? $height : PAINT_DEFAULT_HEIGHT;
-               $f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jar¤¬shift-jis¤ËÊÑ´¹¤¹¤ë¤Î¤ò²óÈò
-               $f_digest = array_key_exists('digest',$vars) ? htmlspecialchars($vars['digest']) : '';
+               $f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jarがshift-jisに変換するのを回避
+               $f_digest = array_key_exists('digest',$vars) ? htmlsc($vars['digest']) : '';
                $f_no = (array_key_exists('paint_no',$vars) and is_numeric($vars['paint_no'])) ?
                        $vars['paint_no'] + 0 : 0;
-               
-               if ($f_w > PAINT_MAX_WIDTH) {
+
+               if ($f_w > PAINT_MAX_WIDTH)
+               {
                        $f_w = PAINT_MAX_WIDTH;
                }
-               if ($f_h > PAINT_MAX_HEIGHT) {
+               if ($f_h > PAINT_MAX_HEIGHT)
+               {
                        $f_h = PAINT_MAX_HEIGHT;
                }
-               
-               $retval['body'] = <<<EOD
+
+               $retval['body'] .= <<<EOD
  <div>
  $link
  $message
@@ -137,44 +141,54 @@ function plugin_paint_action()
  <param name="param4" value="max_file_size=1000000" />
  <param name="param5" value="paint_no=$f_no" />
  <param name="enctype" value="multipart/form-data" />
- <param name="return.URL" value="$script?$r_refer" />
+ <param name="return.URL" value="$page_uri" />
  </applet>
  </div>
 EOD;
-               $html_transitional = TRUE;
        }
        return $retval;
 }
+
 function plugin_paint_convert()
 {
-       global $script,$vars,$digest;
+       global $vars,$digest;
        global $_paint_messages;
-       static $paint_no = 0;
-       
-       //Ìá¤êÃÍ
+       static $numbers = array();
+
+       $script = get_base_uri();
+       if (PKWK_READONLY) return ''; // Show nothing
+
+       if (!array_key_exists($vars['page'],$numbers))
+       {
+               $numbers[$vars['page']] = 0;
+       }
+       $paint_no = $numbers[$vars['page']]++;
+
+       //戻り値
        $ret = '';
-       
-       $paint_no++;
-       
-       //ʸ»úÎó¤ò¼èÆÀ
+
+       //文字列を取得
        $width = $height = 0;
        $args = func_get_args();
-       if (count($args) >= 2) {
+       if (count($args) >= 2)
+       {
                $width = array_shift($args);
                $height = array_shift($args);
        }
-       if (!is_numeric($width) or $width <= 0) {
+       if (!is_numeric($width) or $width <= 0)
+       {
                $width = PAINT_DEFAULT_WIDTH;
        }
-       if (!is_numeric($height) or $height <= 0) {
+       if (!is_numeric($height) or $height <= 0)
+       {
                $height = PAINT_DEFAULT_HEIGHT;
        }
-       
-       //XSSÀȼåÀ­ÌäÂê - ³°Éô¤«¤éÍ褿ÊÑ¿ô¤ò¥¨¥¹¥±¡¼¥×
-       $f_page = htmlspecialchars($vars['page']);
-       
+
+       //XSS脆弱性問題 - 外部から来た変数をエスケープ
+       $f_page = htmlsc($vars['page']);
+
        $max = sprintf($_paint_messages['msg_max'],PAINT_MAX_WIDTH,PAINT_MAX_HEIGHT);
-       
+
        $ret = <<<EOD
   <form action="$script" method="post">
   <div>
@@ -182,9 +196,9 @@ function plugin_paint_convert()
   <input type="hidden" name="digest" value="$digest" />
   <input type="hidden" name="plugin" value="paint" />
   <input type="hidden" name="refer" value="$f_page" />
-  <input type="text" name="width" size="3" value="$width" accesskey="w" />
+  <input type="text" name="width" size="3" value="$width" />
   x
-  <input type="text" name="height" size="3" value="$height" accesskey="h" />
+  <input type="text" name="height" size="3" value="$height" />
   $max
   <input type="submit" value="{$_paint_messages['btn_submit']}" />
   </div>
@@ -192,58 +206,63 @@ function plugin_paint_convert()
 EOD;
        return $ret;
 }
-function insert_ref($filename)
+function paint_insert_ref($filename)
 {
-       global $script,$vars,$now,$do_backup;
-       global $_paint_messages;
-       
+       global $vars,$now,$do_backup;
+       global $_paint_messages,$_no_name;
+
        $ret['msg'] = $_paint_messages['msg_title'];
-       
-       $msg = sprintf(PAINT_FORMAT_MSG, rtrim($vars['msg']));
-       
-       if ($vars['yourname'] != '') {
-               $name = sprintf(PAINT_FORMAT_NAME, $vars['yourname']);
-       }
-       $date = sprintf(PAINT_FORMAT_DATE, $now);
-       
-       if (function_exists('mb_convert_encoding')) {
-               $msg = mb_convert_encoding($msg, ENCODING, 'auto');
-               $name = mb_convert_encoding($name, ENCODING, 'auto');
-       }
-       
+
+       $msg = mb_convert_encoding(rtrim($vars['msg']),SOURCE_ENCODING,'auto');
+       $name = mb_convert_encoding($vars['yourname'],SOURCE_ENCODING,'auto');
+
+       $msg  = str_replace('$msg',$msg,PAINT_MSG_FORMAT);
+       $name = ($name == '') ? $_no_name : $vars['yourname'];
+       $name = ($name == '') ? '' : str_replace('$name',$name,PAINT_NAME_FORMAT);
+       $now  = str_replace('$now',$now,PAINT_NOW_FORMAT);
+
        $msg = trim($msg);
        $msg = ($msg == '') ?
                PAINT_FORMAT_NOMSG :
                str_replace("\x08MSG\x08", $msg, PAINT_FORMAT);
        $msg = str_replace("\x08NAME\x08",$name, $msg);
-       $msg = str_replace("\x08DATE\x08",$date, $msg);
-       //¥Ö¥í¥Ã¥¯¤Ë¿©¤ï¤ì¤Ê¤¤¤è¤¦¤Ë¡¢#img¤ÎľÁ°¤Ë\n¤ò2¸Ä½ñ¤¤¤Æ¤ª¤¯¡£
-       $msg = "#ref($filename,wrap,around)\n".trim($msg)."\n\n#img(,clear)\n";
-       
+       $msg = str_replace("\x08NOW\x08",$now, $msg);
+
+       //ブロックに食われないように、#clearの直前に\nを2個書いておく
+       $msg = "#ref($filename,wrap,around)\n" . trim($msg) . "\n\n" .
+               "#clear\n";
+
        $postdata_old = get_source($vars['refer']);
        $postdata = '';
-       $paint_no = 0; //'#paint'¤Î½Ð¸½²ó¿ô
+       $paint_no = 0; //'#paint'の出現回数
        foreach ($postdata_old as $line)
        {
-               if (!PAINT_INSERT_INS) {
+               if (!PAINT_INSERT_INS)
+               {
                        $postdata .= $line;
                }
-               if (preg_match('/^#paint/',$line) and (++$paint_no == $vars['paint_no'])) {
+               if (preg_match('/^#paint/i',$line))
+               {
+                       if ($paint_no == $vars['paint_no'])
+                       {
                                $postdata .= $msg;
+                       }
+                       $paint_no++;
                }
-               if (PAINT_INSERT_INS) {
+               if (PAINT_INSERT_INS)
+               {
                        $postdata .= $line;
                }
        }
-       
-       // ¹¹¿·¤Î¾×Æͤò¸¡½Ð
-       if (md5(join('',$postdata_old)) != $vars['digest']) {
+
+       // 更新の衝突を検出
+       if (md5(join('',$postdata_old)) !== $vars['digest'])
+       {
                $ret['msg'] = $_paint_messages['msg_title_collided'];
                $ret['body'] = $_paint_messages['msg_collided'];
        }
-       
+
        page_write($vars['refer'],$postdata);
-       
+
        return $ret;
 }
-?>
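Review bot: `$s_refer` is no longer initialised in the else branch of plugin_paint_action — the new side replaces `$r_refer = $s_refer = '';` with `$page_uri = get_base_uri();`, so when `refer` is absent from `$vars` the line `$link = "<p><a href=\"$page_uri\">$s_refer</a></p>";;` reads an undefined variable (and the doubled `;;` can go); add `$s_refer = '';` beside the `$page_uri` initialisation. In the upload branch no edit-permission check such as `check_editable()` is visible before `attach_upload()` and the later `page_write()`; unless those helpers enforce edit_auth themselves, which this diff cannot show, the paint POST handler modifies `$vars['refer']` without it, so a one-line check after the PKWK_READONLY guard would make the intent explicit. The user-supplied `$filename` is passed as the replacement argument of `preg_replace()`, where `\` and `$` sequences are interpreted as backreferences, so the stored attachment name can differ from what was typed; `preg_replace('/^[^\.]+/', addcslashes($filename, '\\$'), $file['name'])` at both call sites keeps the intended literal substitution. In paint_insert_ref the conversion result is discarded: `$name = ($name == '') ? $_no_name : $vars['yourname'];` should read `$name = ($name == '') ? $_no_name : $name;`, otherwise the `mb_convert_encoding` on the preceding line has no effect for non-empty names. plugin_paint_action begins in the first hunk and ends in the second, so the `$link` and `$filename` lines referred to above sit outside this last hunk.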