<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: md5.inc.php,v 1.5 2004/11/28 06:31:04 henoheno Exp $
+// $Id: md5.inc.php,v 1.6 2004/11/28 13:20:23 henoheno Exp $
// MD5 plugin
+define('PLUGIN_MD5_LIMIT_LENGTH', 512);
+
function plugin_md5_action()
{
global $script, $get, $post;
// Wait POST
$key = isset($post['key']) ? $post['key'] : '';
if ($key != '') {
+ plugin_md5_checklimit($key);
// Compute (Don't show its $key at the same time)
return array('msg'=>'MD5', 'body'=>'Hash: ' . md5($key));
} else {
// If cmd=md5&md5=password, set only (Don't compute)
$value = isset($get['md5']) ? $get['md5'] : '';
- if ($value != '') $value = 'value="' . htmlspecialchars($value) . '" ';
+ if ($value != '') {
+ plugin_md5_checklimit($value);
+ $value = 'value="' . htmlspecialchars($value) . '" ';
+ }
$form = <<<EOD
<form action="$script" method="post">
<div>
return array('msg'=>'MD5', 'body'=>$form);
}
}
+
+function plugin_md5_checklimit($text)
+{
+ if (strlen($text) > PLUGIN_MD5_LIMIT_LENGTH)
+ die_message('Limit: malicious message length');
+}
?>