<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: vote.inc.php,v 1.21 2005/01/06 13:44:00 henoheno Exp $
+// vote.inc.php
+// Copyright 2002-2017 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
//
-// Vote plugin
+// Vote box plugin
function plugin_vote_action()
{
- global $vars, $script, $cols,$rows;
+ global $vars, $cols,$rows;
global $_title_collided, $_msg_collided, $_title_updated;
global $_vote_plugin_votes;
+ $script = get_base_uri();
+ if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
+
$postdata_old = get_source($vars['refer']);
$vote_no = 0;
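Review bot: The value returned by `get_base_uri()` is assigned to `$script` and reaches markup unescaped: the collision form later in this function uses `<form action="$script?cmd=preview"`, and plugin_vote_convert() does the same with `$_script`, while the neighbouring `$s_refer` and `$s_digest` values go through `htmlsc()`. Whether get_base_uri() can include request-derived data is not visible here, so either escape at the point of use (`$s_script = htmlsc(get_base_uri());` and interpolate `$s_script`) or add a comment stating that the base URI is configuration-derived and safe in an attribute context. The guard `if (PKWK_READONLY) die_message(...)` could also move above the `$script` assignment so a rejected request does no other work. The body of plugin_vote_action() continues outside this hunk.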
$postdata .= $vote_str;
}
- if (md5(@join('', get_source($vars['refer']))) != $vars['digest']) {
+ if (md5(get_source($vars['refer'], TRUE, TRUE)) !== $vars['digest']) {
$title = $_title_collided;
- $s_refer = htmlspecialchars($vars['refer']);
- $s_digest = htmlspecialchars($vars['digest']);
- $s_postdata_input = htmlspecialchars($postdata_input);
+ $s_refer = htmlsc($vars['refer']);
+ $s_digest = htmlsc($vars['digest']);
+ $s_postdata_input = htmlsc($postdata_input);
$body = <<<EOD
$_msg_collided
<form action="$script?cmd=preview" method="post">
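Review bot: The comparison `md5(get_source($vars['refer'], TRUE, TRUE)) !== $vars['digest']` is an edit-collision check only; the digest is a hash of the page text, which any reader of the page can obtain, so it does not establish that the POST came from a form this wiki rendered for the current user. If a separate anti-forgery check exists it is outside the lines shown; if not, vote submissions would want a per-session token verified before the page is written. Independently, `$vars['digest']` and `$vars['refer']` are read without an `isset()` test, so a request missing either one emits a notice before taking the collision branch; `$digest = isset($vars['digest']) ? $vars['digest'] : '';` ahead of the comparison would keep that path quiet. A short comment such as `// digest detects concurrent edits; it is not a CSRF token` would stop the check being mistaken for one.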
function plugin_vote_convert()
{
- global $script, $vars, $digest;
+ global $vars, $digest;
global $_vote_plugin_choice, $_vote_plugin_votes;
static $number = array();
if (! isset($number[$page])) $number[$page] = 0; // Init
$vote_no = $number[$page]++;
- if (! func_num_args()) return '#vote(): No arguments<br/>' . "\n";
+ if (! func_num_args()) return '#vote(): No arguments<br />' . "\n";
+
+ if (PKWK_READONLY) {
+ $_script = '';
+ $_submit = 'hidden';
+ } else {
+ $_script = get_base_uri();
+ $_submit = 'submit';
+ }
$args = func_get_args();
- $s_page = htmlspecialchars($page);
- $s_digest = htmlspecialchars($digest);
+ $s_page = htmlsc($page);
+ $s_digest = htmlsc($digest);
$body = <<<EOD
-<form action="$script" method="post">
+<form action="$_script" method="post">
<table cellspacing="0" cellpadding="2" class="style_table" summary="vote">
<tr>
<td align="left" class="vote_label" style="padding-left:1em;padding-right:1em"><strong>$_vote_plugin_choice</strong>
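Review bot: The `if (PKWK_READONLY)` branch has no comment explaining that it deliberately leaves a `<form action="" method="post">` on the page and turns each vote control into `type="hidden"`, so the only thing that actually rejects a vote on a read-only wiki is the `die_message()` guard in plugin_vote_action(). That is adequate as shown, but the dependency should be written down above the branch, for example `// Read-only: show the tally without a clickable control; plugin_vote_action() rejects any POST`. The locals `$_script` and `$_submit` also reuse the `$_` prefix that this file gives to its message globals (`$_vote_plugin_votes`, `$_title_collided`), so plain names such as `$form_action` and `$input_type` would make it clearer they are not globals. plugin_vote_convert() continues beyond these lines.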
<tr>
<td align="left" class="$cls" style="padding-left:1em;padding-right:1em;">$link</td>
<td align="right" class="$cls">$cnt
- <input type="submit" name="vote_$e_arg" value="$_vote_plugin_votes" class="submit" />
+ <input type="$_submit" name="vote_$e_arg" value="$_vote_plugin_votes" class="submit" />
</td>
</tr>
return $body;
}
-?>