/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
//
-// $Id: init.php,v 1.76 2004/06/24 13:45:52 henoheno Exp $
+// $Id: init.php,v 1.77 2004/06/27 11:15:51 henoheno Exp $
//
/////////////////////////////////////////////////
}
}
-if (!empty($get['page']))
-{
- $get['page'] = strip_bracket($get['page']);
-}
-if (!empty($post['page']))
-{
- $post['page'] = strip_bracket($post['page']);
-}
-if (!empty($post['msg']))
-{
- $post['msg'] = str_replace("\r",'',$post['msg']);
-}
+/////////////////////////////////////////////////
+// GET + POST = $vars
$vars = array_merge($post,$get);
-if (!array_key_exists('page',$vars))
-{
+
+// ÆþÎÏ¥Á¥§¥Ã¥¯: cmd, plugin ¤Îʸ»úÎó¤Ï±Ñ¿ô»ú°Ê³°¤¢¤ê¤¨¤Ê¤¤
+foreach(array('cmd', 'plugin') as $var){
+ if (array_key_exists($var, $vars) &&
+ ! preg_match('/^[a-zA-Z][a-zA-Z0-9_]*$/', $vars[$var])) {
+ unset($get[$var], $post[$var], $vars[$var]);
+ }
+}
+
+// À°·Á: page, strip_bracket()
+if (array_key_exists('page', $vars)) {
+ $get['page'] = $post['page'] = $vars['page'] = strip_bracket($vars['page']);
+} else {
$get['page'] = $post['page'] = $vars['page'] = '';
}
+// À°·Á: msg, ²þ¹Ô¤ò¼è¤ê½ü¤¯
+if (!empty($vars['msg'])) {
+ $get['msg'] = $post['msg'] = $vars['msg'] = str_replace("\r",'',$vars['msg']);
+}
+
// ¸åÊý¸ß´¹À (?md5=...)
-if (array_key_exists('md5',$vars) and $vars['md5'] != '')
-{
- $vars['cmd'] = 'md5';
+if (array_key_exists('md5', $vars) and $vars['md5'] != '') {
+ $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'md5';
}
// TrackBack Ping
-if (array_key_exists('tb_id',$vars) and $vars['tb_id'] != '')
-{
- $vars['cmd'] = 'tb';
+if (array_key_exists('tb_id', $vars) and $vars['tb_id'] != '') {
+ $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'tb';
}
// cmd¤âplugin¤â»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢QUERY_STRING¤ò¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹
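Review bot: The new whitelist for `cmd` and `plugin` anchors its pattern with `$`, which in PCRE also matches just before a final newline, so a value made of a valid name plus a trailing `\n` still passes; anchoring with the `D` modifier closes that, e.g. `! preg_match('/^[a-zA-Z][a-zA-Z0-9_]*$/D', $vars[$var])`. The test also inspects only the merged `$vars[$var]`, and since `array_merge($post,$get)` lets the GET value win, a malformed `$post['cmd']` or `$post['plugin']` stays in place whenever a well-formed GET value shadows it. If later code reads `$post` directly (not visible in this hunk), and presumably uses these names to select a plugin, it would see the unfiltered string. Checking `$get[$var]` and `$post[$var]` individually before the merge would avoid this, as would writing the validated value back to all three arrays the way the `page` branch does with `$get['page'] = $post['page'] = $vars['page'] = ...`.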
$arg = strip_bracket($arg);
$arg = sanitize($arg);
- $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'read';
+ $get['cmd'] = $post['cmd'] = $vars['cmd'] = 'read';
$get['page'] = $post['page'] = $vars['page'] = $arg;
}