<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: vote.inc.php,v 1.22 2005/01/23 09:43:06 henoheno Exp $
+// vote.inc.php
+// Copyright 2002-2017 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
//
// Vote box plugin
function plugin_vote_action()
{
- global $vars, $script, $cols,$rows;
+ global $vars, $cols,$rows;
global $_title_collided, $_msg_collided, $_title_updated;
global $_vote_plugin_votes;
+ $script = get_base_uri();
if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
$postdata_old = get_source($vars['refer']);
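Review bot: The value assigned by `$script = get_base_uri();` is later interpolated unescaped into an HTML attribute (`<form action="$script?cmd=preview" method="post">`), while every other value in that form is passed through `htmlsc()`. get_base_uri() is not visible here, so whether its result can ever carry request-influenced characters needs confirming. Escaping at the point of output removes that dependency: add `$s_script = htmlsc($script);` and use `$s_script` in the heredoc. The same applies in plugin_vote_convert(), where `$_script = get_base_uri();` feeds `<form action="$_script" method="post">`. The body of plugin_vote_action() continues outside the lines shown.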
$postdata .= $vote_str;
}
- if (md5(@join('', get_source($vars['refer']))) != $vars['digest']) {
+ if (md5(get_source($vars['refer'], TRUE, TRUE)) !== $vars['digest']) {
$title = $_title_collided;
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body = <<<EOD
$_msg_collided
<form action="$script?cmd=preview" method="post">
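Review bot: `$vars['refer']` and `$vars['digest']` are used in the new comparison `md5(get_source($vars['refer'], TRUE, TRUE)) !== $vars['digest']` without a check that they are present and are strings. With `!==`, a missing or non-string digest always lands in the collision branch, where `htmlsc($vars['digest'])` receives that same value; if htmlsc() wraps htmlspecialchars() (not visible here), an array-valued parameter would raise a type error on PHP 8 instead of rendering the collision form. A guard before the first get_source() call makes the expectation explicit: `if (! isset($vars['refer'], $vars['digest']) || ! is_string($vars['refer']) || ! is_string($vars['digest'])) die_message('Invalid vote request');`. The digest is an MD5 of page content, so it works as an edit-conflict check only and should not be relied on as proof that the POST came from the wiki's own form.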
function plugin_vote_convert()
{
- global $script, $vars, $digest;
+ global $vars, $digest;
global $_vote_plugin_choice, $_vote_plugin_votes;
static $number = array();
if (! isset($number[$page])) $number[$page] = 0; // Init
$vote_no = $number[$page]++;
- if (! func_num_args()) return '#vote(): No arguments<br/>' . "\n";
+ if (! func_num_args()) return '#vote(): No arguments<br />' . "\n";
if (PKWK_READONLY) {
$_script = '';
$_submit = 'hidden';
} else {
- $_script = $script;
+ $_script = get_base_uri();
$_submit = 'submit';
}
$args = func_get_args();
- $s_page = htmlspecialchars($page);
- $s_digest = htmlspecialchars($digest);
+ $s_page = htmlsc($page);
+ $s_digest = htmlsc($digest);
$body = <<<EOD
<form action="$_script" method="post">
return $body;
}
-?>