<?php
-/////////////////////////////////////////////////
// PukiWiki - Yet another WikiWikiWeb clone.
+// edit.inc.php
+// Copyright 2001-2022 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
//
-// $Id: edit.inc.php,v 1.25 2004/11/23 12:16:20 henoheno Exp $
-//
+// Edit plugin (cmd=edit)
+
+// Remove #freeze written by hand
+define('PLUGIN_EDIT_FREEZE_REGEX', '/^(?:#freeze(?!\w)\s*)+/im');
-// Edit plugin
-// cmd=edit
function plugin_edit_action()
{
- global $vars, $_title_edit, $load_template_func;
+ global $vars, $_title_edit;
- $page = isset($vars['page']) ? $vars['page'] : '';
+ if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
+
+ // Create initial pages
+ plugin_edit_setup_initial_pages();
+ $page = isset($vars['page']) ? $vars['page'] : '';
check_editable($page, true, true);
+ check_readable($page, true, true);
- if (isset($vars['preview']) || ($load_template_func && isset($vars['template']))) {
- return plugin_edit_preview();
+ if (isset($vars['preview'])) {
+ return plugin_edit_preview($vars['msg']);
+ } else if (isset($vars['template'])) {
+ return plugin_edit_preview_with_template();
} else if (isset($vars['write'])) {
return plugin_edit_write();
} else if (isset($vars['cancel'])) {
return plugin_edit_cancel();
}
-
+ ensure_valid_page_name_length($page);
$postdata = @join('', get_source($page));
- if ($postdata == '') {
- $postdata = auto_template($page);
- }
-
+ if ($postdata === '') $postdata = auto_template($page);
+ $postdata = remove_author_info($postdata);
return array('msg'=>$_title_edit, 'body'=>edit_form($page, $postdata));
}
-// Preview
-function plugin_edit_preview()
+function ensure_valid_page_name_length($page)
{
- global $vars;
- global $_title_preview, $_msg_preview, $_msg_preview_delete;
+ if (is_page($page)) {
+ // Continue
+ } else {
+ if (is_pagename_bytes_within_soft_limit($page)) {
+ // Continue
+ } else {
+ if (page_exists_in_history($page)) {
+ if (is_pagename_bytes_within_hard_limit($page)) {
+ // Continue
+ } else {
+ die_message('Page name too long (hard limit): ' . htmlsc($page));
+ exit;
+ }
+ } else {
+ die_message('Page name too long: ' . htmlsc($page));
+ exit;
+ }
+ }
+ }
+}
+/**
+ * Preview with template
+ */
+function plugin_edit_preview_with_template()
+{
+ global $vars;
+ $msg = '';
$page = isset($vars['page']) ? $vars['page'] : '';
-
// Loading template
- if (isset($vars['template_page']) && is_page($vars['template_page'])) {
+ $template_page;
+ if (isset($vars['template_page']) && is_page($template_page = $vars['template_page'])) {
+ if (is_page_readable($template_page)) {
+ $msg = remove_author_info(get_source($vars['template_page'], TRUE, TRUE));
+ // Cut fixed anchors
+ $msg = preg_replace('/^(\*{1,3}.*)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', $msg);
+ }
+ }
+ return plugin_edit_preview($msg);
+}
- $vars['msg'] = join('', get_source($vars['template_page']));
+/**
+ * Preview
+ *
+ * @param msg preview target
+ */
+function plugin_edit_preview($msg)
+{
+ global $vars;
+ global $_title_preview, $_msg_preview, $_msg_preview_delete;
- // Cut fixed anchors
- $vars['msg'] = preg_replace('/^(\*{1,3}.*)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', $vars['msg']);
- }
+ $page = isset($vars['page']) ? $vars['page'] : '';
- // ¼ê½ñ¤¤Î#freeze¤òºï½ü
- $vars['msg'] = preg_replace('/^#freeze\s*$/im', '', $vars['msg']);
- $postdata = $vars['msg'];
+ $msg = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', $msg);
+ $postdata = $msg;
if (isset($vars['add']) && $vars['add']) {
if (isset($vars['add_top']) && $vars['add_top']) {
}
}
- $body = "$_msg_preview<br />\n";
- if ($postdata == '')
- $body .= "<strong>$_msg_preview_delete</strong>";
- $body .= "<br />\n";
+ $body = $_msg_preview . '<br />' . "\n";
+ if ($postdata === '')
+ $body .= '<strong>' . $_msg_preview_delete . '</strong>';
+ $body .= '<br />' . "\n";
if ($postdata) {
$postdata = make_str_rules($postdata);
$postdata = drop_submit(convert_html($postdata));
$body .= '<div id="preview">' . $postdata . '</div>' . "\n";
}
- $body .= edit_form($page, $vars['msg'], $vars['digest'], FALSE);
+ $body .= edit_form($page, $msg, $vars['digest'], FALSE);
return array('msg'=>$_title_preview, 'body'=>$body);
}
{
static $usage = '&edit(pagename#anchor[[,noicon],nolabel])[{label}];';
- global $script, $vars, $fixed_heading_anchor_edit;
+ global $vars, $fixed_heading_anchor_edit;
+
+ if (PKWK_READONLY) return ''; // Show nothing
// Arguments
$args = func_get_args();
- $s_label = array_pop($args); // {label}
- $page = array_shift($args);
- if($page == NULL) $page = '';
+
+ // {label}. Strip anchor tags only
+ $s_label = strip_htmltag(array_pop($args), FALSE);
+
+ $page = array_shift($args);
+ if ($page === NULL) $page = '';
$_noicon = $_nolabel = FALSE;
foreach($args as $arg){
- switch($arg){
- case '': break;
+ switch(strtolower($arg)){
+ case '' : break;
case 'nolabel': $_nolabel = TRUE; break;
- case 'noicon': $_noicon = TRUE; break;
- default: return $usage;
+ case 'noicon' : $_noicon = TRUE; break;
+ default : return $usage;
}
}
// Separate a page-name and a fixed anchor
list($s_page, $id, $editable) = anchor_explode($page, TRUE);
+
// Default: This one
if ($s_page == '') $s_page = isset($vars['page']) ? $vars['page'] : '';
+
// $s_page fixed
$isfreeze = is_freeze($s_page);
$ispage = is_page($s_page);
// Paragraph edit enabled or not
- $short = htmlspecialchars('Edit');
+ $short = htmlsc('Edit');
if ($fixed_heading_anchor_edit && $editable && $ispage && ! $isfreeze) {
// Paragraph editing
$id = rawurlencode($id);
- $title = htmlspecialchars(sprintf('Edit %s', $page));
+ $title = htmlsc(sprintf('Edit %s', $page));
$icon = '<img src="' . IMAGE_DIR . 'paraedit.png' .
'" width="9" height="9" alt="' .
$short . '" title="' . $title . '" /> ';
- $class = 'anchor_super';
+ $class = ' class="anchor_super"';
} else {
// Normal editing / unfreeze
$id = '';
$title = 'Edit %s';
$icon = 'edit.png';
}
- $title = htmlspecialchars(sprintf($title, $s_page));
+ $title = htmlsc(sprintf($title, $s_page));
$icon = '<img src="' . IMAGE_DIR . $icon .
'" width="20" height="20" alt="' .
$short . '" title="' . $title . '" />';
}
// URL
+ $script = get_base_uri();
if ($isfreeze) {
$url = $script . '?cmd=unfreeze&page=' . rawurlencode($s_page);
} else {
- if ($id != '') {
- $s_id = '&id=' . $id;
- } else {
- $s_id = '';
- }
+ $s_id = ($id == '') ? '' : '&id=' . $id;
$url = $script . '?cmd=edit&page=' . rawurlencode($s_page) . $s_id;
}
- $atag = '<a class="' . $class . '" href="' . $url . '" title="' . $title . '">';
+ $atag = '<a' . $class . ' href="' . $url . '" title="' . $title . '">';
static $atags = '</a>';
if ($ispage) {
return $atag . $icon . $s_label . $atags;
} else {
// Dangling edit link
- return $atag . $icon . $atags . '<span class="noexists">' .
+ return '<span class="noexists">' . $atag . $icon . $atags .
$s_label . $atag . '?' . $atags . '</span>';
}
}
{
global $vars;
global $_title_collided, $_msg_collided_auto, $_msg_collided, $_title_deleted;
+ global $notimeupdate, $_msg_invalidpass, $do_update_diff_table;
- $page = isset($vars['page']) ? $vars['page'] : '';
- $retvars = array();
+ $page = isset($vars['page']) ? $vars['page'] : '';
+ $add = isset($vars['add']) ? $vars['add'] : '';
+ $digest = isset($vars['digest']) ? $vars['digest'] : '';
- // ¼ê½ñ¤¤Î#freeze¤òºï½ü
- $vars['msg'] = preg_replace('/^#freeze\s*$/im','',$vars['msg']);
- $postdata = $postdata_input = $vars['msg'];
+ ensure_valid_page_name_length($page);
+ $vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', $vars['msg']);
+ $msg = & $vars['msg']; // Reference
- if (isset($vars['add']) && $vars['add']) {
- if (isset($vars['add_top']) && $vars['add_top']) {
- $postdata = $postdata . "\n\n" . @join('', get_source($page));
- } else {
- $postdata = @join('', get_source($page)) . "\n\n" . $postdata;
- }
- }
+ $retvars = array();
+ // Collision Detection
$oldpagesrc = join('', get_source($page));
$oldpagemd5 = md5($oldpagesrc);
+ if ($digest !== $oldpagemd5) {
+ $vars['digest'] = $oldpagemd5; // Reset
- if (! isset($vars['digest']) || $vars['digest'] != $oldpagemd5) {
- $vars['digest'] = $oldpagemd5;
-
- $retvars['msg'] = $_title_collided;
- list($postdata_input, $auto) = do_update_diff($oldpagesrc, $postdata_input, $vars['original']);
+ $original = isset($vars['original']) ? $vars['original'] : '';
+ $old_body = remove_author_info($oldpagesrc);
+ list($postdata_input, $auto) = do_update_diff($old_body, $msg, $original);
+ $retvars['msg' ] = $_title_collided;
$retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
-
- if (TRUE) {
- global $do_update_diff_table;
- $retvars['body'] .= $do_update_diff_table;
- }
-
+ $retvars['body'] .= $do_update_diff_table;
$retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
+ return $retvars;
}
- else {
- $notimestamp = (isset($vars['notimestamp']) && $vars['notimestamp'] != '');
- page_write($page, $postdata, $notimestamp);
- if ($postdata) {
- header('Location: ' . get_script_uri() . '?' . rawurlencode($page));
- exit;
+ // Action?
+ if ($add) {
+ // Add
+ if (isset($vars['add_top']) && $vars['add_top']) {
+ $postdata = $msg . "\n\n" . @join('', get_source($page));
+ } else {
+ $postdata = @join('', get_source($page)) . "\n\n" . $msg;
}
+ } else {
+ // Edit or Remove
+ $postdata = & $msg; // Reference
+ }
+
+ // NULL POSTING, OR removing existing page
+ if ($postdata === '') {
+ page_write($page, $postdata);
+ $retvars['msg' ] = $_title_deleted;
+ $retvars['body'] = str_replace('$1', htmlsc($page), $_title_deleted);
+ return $retvars;
+ }
- $retvars['msg'] = $_title_deleted;
- $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
- tb_delete($page);
+ // $notimeupdate: Checkbox 'Do not change timestamp'
+ $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';
+ if ($notimeupdate > 1 && $notimestamp && ! pkwk_login($vars['pass'])) {
+ // Enable only administrator & password error
+ $retvars['body'] = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
+ $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
+ return $retvars;
}
- return $retvars;
+ page_write($page, $postdata, $notimeupdate != 0 && $notimestamp);
+ pkwk_headers_sent();
+ header('Location: ' . get_page_uri($page, PKWK_URI_ROOT));
+ exit;
}
// Cancel (Back to the page / Escape edit page)
function plugin_edit_cancel()
{
global $vars;
- header('Location: ' . get_script_uri() . '?' . rawurlencode($vars['page']));
+ pkwk_headers_sent();
+ header('Location: ' . get_page_uri($vars['page'], PKWK_URI_ROOT));
exit;
}
-?>
+/**
+ * Setup initial pages
+ */
+function plugin_edit_setup_initial_pages()
+{
+ global $autoalias, $no_autoticketlinkname;
+
+ // Related: Rename plugin
+ if (exist_plugin('rename') && function_exists('plugin_rename_setup_initial_pages')) {
+ plugin_rename_setup_initial_pages();
+ }
+ // AutoTicketLinkName page
+ if (! $no_autoticketlinkname) {
+ init_autoticketlink_def_page();
+ }
+ // AutoAliasName page
+ if ($autoalias) {
+ init_autoalias_def_page();
+ }
+}