plugin/paint.inc.php

   1 <?php
   2 // PukiWiki - Yet another WikiWikiWeb clone
   3 // paint.inc.php
   4 // Copyright 2002-2017 PukiWiki Development Team
   5 // License: GPL v2 or (at your option) any later version
   6 //
   7 // Paint plugin
   8
   9 /*
  10  * Usage
  11  *  #paint(width,height)
  12  * パラメータ
  13  *  キャンバスの幅と高さ
  14  */
  15
  16 // 挿入する位置 1:欄の前 0:欄の後
  17 define('PAINT_INSERT_INS',0);
  18
  19 // デフォルトの描画領域の幅と高さ
  20 define('PAINT_DEFAULT_WIDTH',80);
  21 define('PAINT_DEFAULT_HEIGHT',60);
  22
  23 // 描画領域の幅と高さの制限値
  24 define('PAINT_MAX_WIDTH',320);
  25 define('PAINT_MAX_HEIGHT',240);
  26
  27 // アプレット領域の幅と高さ 50x50未満で別ウインドウが開く
  28 define('PAINT_APPLET_WIDTH',800);
  29 define('PAINT_APPLET_HEIGHT',300);
  30
  31 //コメントの挿入フォーマット
  32 define('PAINT_NAME_FORMAT','[[$name]]');
  33 define('PAINT_MSG_FORMAT','$msg');
  34 define('PAINT_NOW_FORMAT','&new{$now};');
  35 //メッセージがある場合
  36 define('PAINT_FORMAT',"\x08MSG\x08 -- \x08NAME\x08 \x08NOW\x08");
  37 //メッセージがない場合
  38 define('PAINT_FORMAT_NOMSG',"\x08NAME\x08 \x08NOW\x08");
  39
  40 function plugin_paint_action()
  41 {
  42         global $vars, $_paint_messages;
  43
  44         $script = get_base_uri();
  45         if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
  46
  47         //戻り値を初期化
  48         $retval['msg'] = $_paint_messages['msg_title'];
  49         $retval['body'] = '';
  50
  51         if (array_key_exists('attach_file',$_FILES)
  52                 and array_key_exists('refer',$vars))
  53         {
  54                 $file = $_FILES['attach_file'];
  55                 //BBSPaiter.jarは、shift-jisで内容を送ってくる。面倒なのでページ名はエンコードしてから送信させるようにした。
  56                 $vars['page'] = $vars['refer'] = decode($vars['refer']);
  57
  58                 $filename = $vars['filename'];
  59                 $filename = mb_convert_encoding($filename,SOURCE_ENCODING,'auto');
  60
  61                 //ファイル名置換
  62                 $attachname = preg_replace('/^[^\.]+/',$filename,$file['name']);
  63                 //すでに存在した場合、 ファイル名に'_0','_1',...を付けて回避(姑息)
  64                 $count = '_0';
  65                 while (file_exists(UPLOAD_DIR.encode($vars['refer']).'_'.encode($attachname)))
  66                 {
  67                         $attachname = preg_replace('/^[^\.]+/',$filename.$count++,$file['name']);
  68                 }
  69
  70                 $file['name'] = $attachname;
  71
  72                 if (!exist_plugin('attach') or !function_exists('attach_upload'))
  73                 {
  74                         return array('msg'=>'attach.inc.php not found or not correct version.');
  75                 }
  76
  77                 $retval = attach_upload($file,$vars['refer'],TRUE);
  78                 if ($retval['result'] == TRUE)
  79                 {
  80                         $retval = paint_insert_ref($file['name']);
  81                 }
  82         }
  83         else
  84         {
  85                 $message = '';
  86                 $page_uri = get_base_uri();
  87                 if (array_key_exists('refer',$vars))
  88                 {
  89                         $page_uri = get_page_uri($vars['refer']);
  90                         $s_refer = htmlsc($vars['refer']);
  91                 }
  92                 $link = "<p><a href=\"$page_uri\">$s_refer</a></p>";;
  93
  94                 $w = PAINT_APPLET_WIDTH;
  95                 $h = PAINT_APPLET_HEIGHT;
  96
  97                 //ウインドウモード :)
  98                 if ($w < 50 and $h < 50)
  99                 {
 100                         $w = $h = 0;
 101                         $retval['msg'] = '';
 102                         $vars['page'] = $vars['refer'];
 103                         $vars['cmd'] = 'read';
 104                         $retval['body'] = convert_html(get_source($vars['refer']));
 105                         $link = '';
 106                 }
 107
 108                 //XSS脆弱性問題 - 外部から来た変数をエスケープ
 109                 $width = empty($vars['width']) ? PAINT_DEFAULT_WIDTH : $vars['width'];
 110                 $height = empty($vars['height']) ? PAINT_DEFAULT_HEIGHT : $vars['height'];
 111                 $f_w = (is_numeric($width) and $width > 0) ? $width : PAINT_DEFAULT_WIDTH;
 112                 $f_h = (is_numeric($height) and $height > 0) ? $height : PAINT_DEFAULT_HEIGHT;
 113                 $f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jarがshift-jisに変換するのを回避
 114                 $f_digest = array_key_exists('digest',$vars) ? htmlsc($vars['digest']) : '';
 115                 $f_no = (array_key_exists('paint_no',$vars) and is_numeric($vars['paint_no'])) ?
 116                         $vars['paint_no'] + 0 : 0;
 117
 118                 if ($f_w > PAINT_MAX_WIDTH)
 119                 {
 120                         $f_w = PAINT_MAX_WIDTH;
 121                 }
 122                 if ($f_h > PAINT_MAX_HEIGHT)
 123                 {
 124                         $f_h = PAINT_MAX_HEIGHT;
 125                 }
 126
 127                 $retval['body'] .= <<<EOD
 128  <div>
 129  $link
 130  $message
 131  <applet codebase="." archive="BBSPainter.jar" code="Main.class" width="$w" height="$h">
 132  <param name="size" value="$f_w,$f_h" />
 133  <param name="action" value="$script" />
 134  <param name="image" value="attach_file" />
 135  <param name="form1" value="filename={$_paint_messages['field_filename']}=!" />
 136  <param name="form2" value="yourname={$_paint_messages['field_name']}" />
 137  <param name="comment" value="msg={$_paint_messages['field_comment']}" />
 138  <param name="param1" value="plugin=paint" />
 139  <param name="param2" value="refer=$f_refer" />
 140  <param name="param3" value="digest=$f_digest" />
 141  <param name="param4" value="max_file_size=1000000" />
 142  <param name="param5" value="paint_no=$f_no" />
 143  <param name="enctype" value="multipart/form-data" />
 144  <param name="return.URL" value="$page_uri" />
 145  </applet>
 146  </div>
 147 EOD;
 148         }
 149         return $retval;
 150 }
 151
 152 function plugin_paint_convert()
 153 {
 154         global $vars,$digest;
 155         global $_paint_messages;
 156         static $numbers = array();
 157
 158         $script = get_base_uri();
 159         if (PKWK_READONLY) return ''; // Show nothing
 160
 161         if (!array_key_exists($vars['page'],$numbers))
 162         {
 163                 $numbers[$vars['page']] = 0;
 164         }
 165         $paint_no = $numbers[$vars['page']]++;
 166
 167         //戻り値
 168         $ret = '';
 169
 170         //文字列を取得
 171         $width = $height = 0;
 172         $args = func_get_args();
 173         if (count($args) >= 2)
 174         {
 175                 $width = array_shift($args);
 176                 $height = array_shift($args);
 177         }
 178         if (!is_numeric($width) or $width <= 0)
 179         {
 180                 $width = PAINT_DEFAULT_WIDTH;
 181         }
 182         if (!is_numeric($height) or $height <= 0)
 183         {
 184                 $height = PAINT_DEFAULT_HEIGHT;
 185         }
 186
 187         //XSS脆弱性問題 - 外部から来た変数をエスケープ
 188         $f_page = htmlsc($vars['page']);
 189
 190         $max = sprintf($_paint_messages['msg_max'],PAINT_MAX_WIDTH,PAINT_MAX_HEIGHT);
 191
 192         $ret = <<<EOD
 193   <form action="$script" method="post">
 194   <div>
 195   <input type="hidden" name="paint_no" value="$paint_no" />
 196   <input type="hidden" name="digest" value="$digest" />
 197   <input type="hidden" name="plugin" value="paint" />
 198   <input type="hidden" name="refer" value="$f_page" />
 199   <input type="text" name="width" size="3" value="$width" />
 200   x
 201   <input type="text" name="height" size="3" value="$height" />
 202   $max
 203   <input type="submit" value="{$_paint_messages['btn_submit']}" />
 204   </div>
 205   </form>
 206 EOD;
 207         return $ret;
 208 }
 209 function paint_insert_ref($filename)
 210 {
 211         global $vars,$now,$do_backup;
 212         global $_paint_messages,$_no_name;
 213
 214         $ret['msg'] = $_paint_messages['msg_title'];
 215
 216         $msg = mb_convert_encoding(rtrim($vars['msg']),SOURCE_ENCODING,'auto');
 217         $name = mb_convert_encoding($vars['yourname'],SOURCE_ENCODING,'auto');
 218
 219         $msg  = str_replace('$msg',$msg,PAINT_MSG_FORMAT);
 220         $name = ($name == '') ? $_no_name : $vars['yourname'];
 221         $name = ($name == '') ? '' : str_replace('$name',$name,PAINT_NAME_FORMAT);
 222         $now  = str_replace('$now',$now,PAINT_NOW_FORMAT);
 223
 224         $msg = trim($msg);
 225         $msg = ($msg == '') ?
 226                 PAINT_FORMAT_NOMSG :
 227                 str_replace("\x08MSG\x08", $msg, PAINT_FORMAT);
 228         $msg = str_replace("\x08NAME\x08",$name, $msg);
 229         $msg = str_replace("\x08NOW\x08",$now, $msg);
 230
 231         //ブロックに食われないように、#clearの直前に\nを2個書いておく
 232         $msg = "#ref($filename,wrap,around)\n" . trim($msg) . "\n\n" .
 233                 "#clear\n";
 234
 235         $postdata_old = get_source($vars['refer']);
 236         $postdata = '';
 237         $paint_no = 0; //'#paint'の出現回数
 238         foreach ($postdata_old as $line)
 239         {
 240                 if (!PAINT_INSERT_INS)
 241                 {
 242                         $postdata .= $line;
 243                 }
 244                 if (preg_match('/^#paint/i',$line))
 245                 {
 246                         if ($paint_no == $vars['paint_no'])
 247                         {
 248                                 $postdata .= $msg;
 249                         }
 250                         $paint_no++;
 251                 }
 252                 if (PAINT_INSERT_INS)
 253                 {
 254                         $postdata .= $line;
 255                 }
 256         }
 257
 258         // 更新の衝突を検出
 259         if (md5(join('',$postdata_old)) !== $vars['digest'])
 260         {
 261                 $ret['msg'] = $_paint_messages['msg_title_collided'];
 262                 $ret['body'] = $_paint_messages['msg_collided'];
 263         }
 264
 265         page_write($vars['refer'],$postdata);
 266
 267         return $ret;
 268 }