From: <rob...@us...> - 2012-10-16 20:24:35
|
Revision: 43479 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=43479&view=rev Author: robertplummer Date: 2012-10-16 20:24:28 +0000 (Tue, 16 Oct 2012) Log Message: ----------- [FIX] check for pref existence first before checking if value = 'y' Added Paths: ----------- trunk/lib/core/WikiPlugin/Negotiator/Wiki.php Removed Paths: ------------- trunk/lib/core/WikiPlugin/Negotiator/Wiki.php Deleted: trunk/lib/core/WikiPlugin/Negotiator/Wiki.php =================================================================== --- trunk/lib/core/WikiPlugin/Negotiator/Wiki.php 2012-10-16 20:24:05 UTC (rev 43478) +++ trunk/lib/core/WikiPlugin/Negotiator/Wiki.php 2012-10-16 20:24:28 UTC (rev 43479) @@ -1,723 +0,0 @@ -<?php -// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project -// -// All Rights Reserved. See copyright.txt for details and a complete list of authors. -// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. -// $Id$ - -class WikiPlugin_Negotiator_Wiki -{ - public $name; - public $args; - public $body; - public $syntax; - public $closing; - public $info; - public $fingerprint; - public $exists; //exists is set to true only for old style plugin - public $aliasExists; - public $index; - public $key; - public $needsParsed = true; - public $parserLevel = 0; - public $dontModify = false; - public $parser; - public $parserOption; - public $ignored = false; - - private $className; - private $class; //class exists for zend style and injected plugins - private $argParser; - private $page; - private $prefs; - - public static $standardRelativePath = 'lib/wiki-plugins/wikiplugin_'; - public static $zendRelativePath = 'lib/core/'; - public static $checkZendPaths = true; - static $pluginIndexes = array(); - static $pluginInfo = array(); - static $parserLevels = array(); - static $currentParserLevel = 0; - static $pluginsAwaitingExecution = array(); - static $pluginInstances = array(); - static $pluginDetails = array(); - - function __construct(& $parser) - { - $this->parser = & $parser; - $this->page = & $parser->page; - $this->prefs = & $parser->prefs; - $this->parserOption = & $parser->option; - $this->argParser = new WikiParser_PluginArgumentParser; - } - - public function inject($plugin) - { - self::$pluginInstances[get_class($plugin)] = $plugin; - } - - public function eject($className) - { - unset(self::$pluginInstances[$className]); - unset(self::$pluginInfo[$this->name]); - } - - function injectedExists() - { - if (isset(self::$pluginInstances[$this->name]) && gettype(self::$pluginInstances[$this->name]) == 'object') { - return true; - } - - return false; - } - - public function setDetails(& $pluginDetails) - { - $this->name = strtolower($pluginDetails['name']); - $this->className = 'WikiPlugin_' . $this->name; - - if ($this->zendExists() == true) { - if (empty(self::$pluginInstances[$this->className])) self::$pluginInstances[$this->className] = new $this->className; - $this->class = self::$pluginInstances[$this->className]; - } else if ($this->injectedExists() == true) { - $this->class = self::$pluginInstances[$this->name]; - } else { - $this->class = null; - } - - $this->args = $this->argParser->parse($pluginDetails['args']); - $this->body = & $pluginDetails['body']; - $this->key = $pluginDetails['key']; - $this->syntax = $pluginDetails['syntax']; - $this->closing = $pluginDetails['closing']; - $this->ignored = false; - - $this->exists = $this->exists(true); - $this->info = $this->info(); - $this->fingerprint = $this->fingerprint(); - $this->index = $this->incrementIndex(); - - self::$pluginDetails[$this->key] = &$pluginDetails; - } - - private function incrementIndex() - { - if (isset(self::$pluginIndexes[$this->name]) == false) self::$pluginIndexes[$this->name] = 0; - - self::$pluginIndexes[$this->name]++; - - return self::$pluginIndexes[$this->name]; - } - - function execute() - { - $output = ''; - if ($this->enabled($output) == false) { - $this->ignored = true; - return $output->toHtml(); - } - - - if (isset($this->class)) { - if (isset($this->class->parserLevel)) { - $this->parserLevel = $this->class->parserLevel; - - if ($this->parserLevel > self::$currentParserLevel) { - $this->addWaitingPlugin(); - return $this->key; - } else { - - $this->applyFilters(); - $button = $this->button(false); - $result = $this->class->exec($this->body, $this->args, $this->index, $this->parser, $button); - return $result; - } - } - } - - $fnName = strtolower('wikiplugin_' . $this->name); - - if ( $this->exists && function_exists($fnName) ) { - return $fnName($this->body, $this->args, $this->index, $this) . $this->button(); - } - - //If we make it this far, it most likley is a smarty black that can't be executed - $this->ignored = true; - return $this->toSyntax(); - } - - function toSyntax() - { - return $this->syntax . $this->body . $this->closing; - } - - function urlEncodeArgs() - { - $args = '';// not using http_build_query() as it converts spaces into + - if (!empty($this->args)) { - foreach ( $this->args as $argKey => $argValue ) { - if (is_array($argValue)) { - if (isset($this->info['params'][$argKey]['separator'])) { - $sep = $this->info['params'][$argKey]['separator']; - } else { - $sep = ','; - } - $args .= $argKey.'='.implode($sep, $argValue).'&'; - } else { - $args .= $argKey.'='.$argValue.'&'; - } - } - } - - $args = rtrim($args, '&'); - - return $args; - } - - private function addWaitingPlugin() - { - self::$parserLevels[] = $this->class->parserLevel; - sort(self::$parserLevels, SORT_NUMERIC); - array_unique(self::$parserLevels); - self::$pluginsAwaitingExecution[$this->key] = self::$pluginDetails[$this->key]; - } - - public function zendExists() - { - if (isset(self::$pluginInstances[$this->className])) { - return true; - } - - if (self::$checkZendPaths == true) { - return file_exists(str_replace('_', '/', self::$zendRelativePath . $this->className . '.php')) == true && class_exists($this->className) == true; - } else { - return @class_exists($this->className); //error suppression only used in special use cases, like phpunit for testing - } - } - - private function exists($include = false) - { - $phpName = self::$standardRelativePath . strtolower($this->name) . '.php'; - - $exists = file_exists($phpName); - - if ( $include && $exists ) { - include_once $phpName; - } - - if ( $exists ) { - return true; - } - - return false; - } - - function canExecute() - { - global $tikilib, $prefs; - // If validation is disabled, anything can execute - if ( $prefs['wiki_validate_plugin'] != 'y' ) { - return true; - } - - if ( ! isset( $this->info['validate'] ) ) { - return true; - } - - $val = $this->fingerprintCheck(); - - switch($val) { - case 'accept': - return true; - break; - case 'reject': - return 'rejected'; - break; - default: - global $tiki_p_plugin_approve, $tiki_p_plugin_preview; - if ( - isset($_SERVER['REQUEST_METHOD']) - && $_SERVER['REQUEST_METHOD'] == 'POST' - && isset( $_POST['plugin_fingerprint'] ) - && $_POST['plugin_fingerprint'] == $this->fingerprint - ) { - if ( $tiki_p_plugin_approve == 'y' ) { - if ( isset( $_POST['plugin_accept'] ) ) { - $this->fingerprintStore('accept'); - $tikilib->invalidate_cache($this->page); - return true; - } elseif ( isset( $_POST['plugin_reject'] ) ) { - $this->fingerprintStore('reject'); - $tikilib->invalidate_cache($this->page); - return 'rejected'; - } - } - - if ( $tiki_p_plugin_preview == 'y' - && isset( $_POST['plugin_preview'] ) ) { - return true; - } - } - - return $this->fingerprint; - } - } - - function enabled(& $output) - { - if ( ! $this->info ) - return true; // Legacy plugins always execute - - global $prefs; - - $missing = array(); - - if ( isset( $this->info['prefs'] ) ) { - foreach ( $this->info['prefs'] as $pref ) { - if ( $prefs[$pref] != 'y' ) { - $missing[] = $pref; - } - } - } - - if ( count($missing) > 0 ) { - $output = WikiParser_PluginOutput::disabled($this->name, $missing); - return false; - } - - return true; - } - - function isEditable() - { - global $tiki_p_edit, $prefs, $section; - - return ( - $section == 'wiki page' && - isset($this->info) && - $tiki_p_edit == 'y' && - $prefs['wiki_edit_plugin'] == 'y' && - !$this->isInline() - ); - } - - private function isInline() - { - if ( ! $this->info ) - return true; // Legacy plugins always inline - - if ( isset( $this->info['inline'] ) && $this->info['inline'] ) - return true; - - $inline_pref = 'wikiplugininline_' . $this->name; - if ( isset( $this->prefs[ $inline_pref ] ) && $this->prefs[ $inline_pref ] == 'y' ) - return true; - - return false; - } - - private function fingerprintStore( $type ) - { - global $tikilib; - - if ( $this->page ) { - $objectType = 'wiki page'; - $objectId = $this->page; - } else { - $objectType = ''; - $objectId = ''; - } - - $pluginSecurity = $tikilib->table('tiki_plugin_security'); - $pluginSecurity->delete(array('fingerprint' => $this->fingerprint)); - $pluginSecurity->insert( - array( - 'fingerprint' => $this->fingerprint, - 'status' => $type, - 'added_by' => $this->parser->user, - 'last_objectType' => $objectType, - 'last_objectId' => $objectId - ) - ); - } - - public function info() - { - if ( isset( self::$pluginInfo[$this->name] ) ) { - return self::$pluginInfo[$this->name]; - } - - if (isset($this->class)) { - self::$pluginInfo[$this->name] = $this->class->info(); - if (isset(self::$pluginInfo[$this->name]['params'])) { - self::$pluginInfo[$this->name]['params'] = array_merge(self::$pluginInfo[$this->name]['params'], $this->class->style()); - } - return self::$pluginInfo[$this->name]; - } - - if ( ! $this->exists ) { - return self::$pluginInfo[$this->name] = false; - } - - $funcNameInfo = "wikiplugin_{$this->name}_info"; - - if ( ! function_exists($funcNameInfo) ) { - if ( $info = $this->aliasInfo() ) { - return self::$pluginInfo[$this->name] = $info['description']; - } else { - return self::$pluginInfo[$this->name] = false; - } - } - - return self::$pluginInfo[$this->name] = $funcNameInfo(); - } - - function aliasInfo() - { - global $prefs; - - if (empty($this->name)) { - return false; - } - - $prefName = "pluginalias_" . $this->name; - - if ( ! isset( $prefs[$prefName] ) ) { - return false; - } - - return unserialize($prefs[$prefName]); - } - - - function aliasStore( $name, $data ) - { - /* - Input data structure: - - implementation: other plugin_name - description: - ** Equivalent of plugin info function here ** - body: - input: use|ignore - default: body content to use - params: - token_name: - input: token_name, default uses same name above - default: value to use if missing - encoding: none|html|url - default to none - params: - ; Use input parameter directly - token_name: default value - - ; Custom input parameter replacement - token_name: - pattern: body content to use - params: - token_name: - input: token_name, default uses same name above - default: value to use if missing - encoding: none|html|url - default to none - */ - if (empty($name)) { - return; - } - - $name = TikiLib::strtolower($name); - $data['plugin_name'] = $name; - - $prefName = "pluginalias_$name"; - $tikilib = TikiLib::lib('tiki'); - $tikilib->set_preference($prefName, serialize($data)); - - global $prefs; - $list = array(); - if ( isset($prefs['pluginaliaslist']) ) - $list = unserialize($prefs['pluginaliaslist']); - - if ( ! in_array($name, $list) ) { - $list[] = $name; - $tikilib->set_preference('pluginaliaslist', serialize($list)); - } - - foreach ( glob('temp/cache/wikiplugin_*') as $file ) - unlink($file); - - $cachelib = TikiLib::lib('cache'); - $cachelib->invalidate('plugindesc'); - } - - //* - function aliasDelete() - { - $tikilib = TikiLib::lib('tiki'); - $prefName = "pluginalias_" . $this->name; - - // Remove from list - $list = $tikilib->get_preference('pluginaliaslist', array(), true); - $list = array_diff($list, array( $this->name )); - $this->set_preference('pluginaliaslist', serialize($list)); - - // Remove the definition - $tikilib->delete_preference($prefName); - - // Clear cache - $cachelib = TikiLib::lib('cache'); - $cachelib->invalidate('plugindesc'); - foreach ( glob('temp/cache/wikiplugin_*') as $file ) - unlink($file); - } - - private function fingerprint() - { - $validate = (isset($this->info['validate']) ? $this->info['validate'] : ''); - - if ( $validate == 'all' || $validate == 'body' ) - $validateBody = str_replace('<x>', '', $this->body); // de-sanitize plugin body to make fingerprint consistant with 5.x - else - $validateBody = ''; - - if ( $validate == 'all' || $validate == 'arguments' ) { - $validateArgs = $this->args; - - // Remove arguments marked as safe from the fingerprint - foreach ( $this->info['params'] as $key => $info ) { - if ( isset( $validateArgs[$key] ) - && isset( $info['safe'] ) - && $info['safe'] - ) { - unset($validateArgs[$key]); - } - } - // Parameter order needs to be stable - ksort($validateArgs); - - if (empty($validateArgs)) { - $validateArgs = array( '' => '' ); // maintain compatibility with pre-Tiki 7 fingerprints - } - } else { - $validateArgs = array(); - } - - $bodyLen = str_pad(strlen($validateBody), 6, '0', STR_PAD_RIGHT); - $serialized = serialize($validateArgs); - $argsLen = str_pad(strlen($serialized), 6, '0', STR_PAD_RIGHT); - - $bodyHash = md5($validateBody); - $argsHash = md5($serialized); - - return "$this->name-$bodyHash-$argsHash-$bodyLen-$argsLen"; - } - - private function fingerprintCheck() - { - global $tikilib; - $limit = date('Y-m-d H:i:s', time() - 15*24*3600); - $result = $tikilib->query( - "SELECT status, if(status='pending' AND last_update < ?, 'old', '') flag - FROM tiki_plugin_security - WHERE fingerprint = ?", - array( $limit, $this->fingerprint ) - ); - - $needUpdate = false; - - if ( $row = $result->fetchRow() ) { - $status = $row['status']; - $flag = $row['flag']; - - if ( $status == 'accept' || $status == 'reject' ) { - return $status; - } - - if ( $flag == 'old' ) { - $needUpdate = true; - } - } else { - $needUpdate = true; - } - - if ( $needUpdate && !$this->dontModify ) { - if ( $this->page ) { - $objectType = 'wiki page'; - $objectId = $this->page; - } else { - $objectType = ''; - $objectId = ''; - } - - - $pluginSecurity = $tikilib->table('tiki_plugin_security'); - $pluginSecurity->delete(array('fingerprint' => $this->fingerprint)); - $pluginSecurity->insert( - array( - 'fingerprint' => $this->fingerprint, - 'status' => 'pending', - 'added_by' => $this->parser->user, - 'last_objectType' => $objectType, - 'last_objectId' => $objectId - ) - ); - } - - return ''; - } - - private function applyFilters() - { - global $tikilib; - - $default = TikiFilter::get(isset( $this->info['defaultfilter'] ) ? $this->info['defaultfilter'] : 'xss'); - - // Apply filters on the body - $filter = isset($this->info['filter']) ? TikiFilter::get($this->info['filter']) : $default; - $this->body = $filter->filter($this->body); - - if (!$this->parser->getOption('is_html')) { - $noparsed = array('data' => array(), 'key' => array()); - //$this->striUnparsedBlock($this->body, $noparsed); - $body = str_replace(array('<', '>'), array('<', '>'), $this->body); - foreach ($noparsed['data'] as &$instance) { - $instance = '~np~' . $instance . '~/np~'; - } - unset($instance); - $this->body = str_replace($noparsed['key'], $noparsed['data'], $body); - } - - // Make sure all arguments are declared - $params = & $this->info['params']; - if ( ! isset( $this->info['extraparams'] ) && is_array($params) ) { - $this->args = array_intersect_key($this->args, $params); - } - - // Apply filters on values individually - if (!empty($this->args)) { - foreach ( $this->args as $argKey => &$argValue ) { - $paramInfo = $params[$argKey]; - $filter = isset($paramInfo['filter']) ? TikiFilter::get($paramInfo['filter']) : $default; - $argValue = TikiLib::htmldecode($argValue); - - if ( isset($paramInfo['separator']) ) { - $vals = $tikilib->array_apply_filter($tikilib->multi_explode($paramInfo['separator'], $argValue), $filter); - - $argValue = array_values($vals); - } else { - $argValue = $filter->filter($argValue); - } - } - } - } - - function button($wrapInNp = true) - { - global $headerlib, $smarty; - - if ( - $this->isEditable() && - !$this->parser->getOption('preview_mode') && - !$this->parser->getOption('indexing') && - !$this->parser->getOption('print') && - !$this->parser->getOption('suppress_icons') && - !$this->parser->getOption('preview_mode') - ) { - $id = 'plugin-edit-' . $this->name . $this->index; - $iconDisplayStyle = ''; - if ( - $this->prefs['wiki_edit_icons_toggle'] == 'y' && - ( - $this->prefs['wiki_edit_plugin'] == 'y' || $this->prefs['wiki_edit_section'] == 'y' - ) - ) { - if (!isset($_COOKIE['wiki_plugin_edit_view'])) { - $iconDisplayStyle = ' style="display:none;"'; - } - } - - $headerlib->add_jsfile('tiki-jsplugin.php?language='.$this->prefs['language'], 'dynamic'); - if ($this->prefs['wikiplugin_module'] === 'y' && $this->prefs['wikiplugininline_module'] === 'n') { - $headerlib->add_jsfile('tiki-jsmodule.php?language='.$this->prefs['language'], 'dynamic'); - } - - $headerlib->add_jq_onready( - '$("#' . $id . '") - .click( function(event) {' - . ' popup_plugin_form(' - . json_encode('editwiki') . ', ' - . json_encode($this->name) . ', ' - . json_encode($this->index) . ', ' - . json_encode($this->page) . ', ' - . json_encode($this->args) . ', ' - . json_encode($this->body) - . ' , event.target' - . ' );' - . ' return false;' - . '})' - . '.hover(function() {' - . ' $(this).prev().addClass("ui-state-highlight");' - . '}, function() { ' - . ' $(this).prev().removeClass("ui-state-highlight");' - . '});' - ); - include_once('lib/smarty_tiki/function.icon.php'); - - $button = '<a id="' . $id . '" class="editplugin"' . $iconDisplayStyle . '>' . - smarty_function_icon(array('_id'=>'wiki_plugin_edit', 'alt'=>tra('Edit Plugin') . ':' . $this->name), $smarty) . - '</a>' - ; - - if ($wrapInNp == false) return $button; - - return '~np~' . $button . '~/np~'; - } - - return ''; - } - - function blockFromExecution($status = '') - { - global $smarty; - $smarty->assign('plugin_fingerprint', $status); - $smarty->assign('plugin_name', $this->name); - $smarty->assign('plugin_index', 0); - $smarty->assign('plugin_status', $status); - - global $tiki_p_plugin_viewdetail, $tiki_p_plugin_preview, $tiki_p_plugin_approve; - $details = $tiki_p_plugin_viewdetail == 'y' && $status != 'rejected'; - $preview = $tiki_p_plugin_preview == 'y' && $details && ! $this->parser->getOption('preview_mode'); - $approve = $tiki_p_plugin_approve == 'y' && $details && ! $this->parser->getOption('preview_mode'); - - if ($this->parser->getOption('inside_pretty')) { - $smarty->assign('plugin_details', ''); - } else { - $smarty->assign('plugin_details', $details); - } - - $smarty->assign('plugin_preview', $preview); - $smarty->assign('plugin_approve', $approve); - - $smarty->assign('plugin_body', $this->body); - $smarty->assign('plugin_args', $this->args); - - return trim($smarty->fetch('tiki-plugin_blocked.tpl')); - } - - function executeAwaiting(&$input) - { - foreach (self::$parserLevels as &$level) { - self::$currentParserLevel = $level; - foreach (self::$pluginsAwaitingExecution as &$pluginDetails) { - $this->setDetails($pluginDetails); - - if (self::$currentParserLevel == $level && strstr($input, $this->key)) { - $this->parser->plugin[$this->key] = $this->body; - - $result = $this->parser->parsePlugin($this->execute()); - - $input = str_replace($this->key, $result, $input); - - unset($pluginDetails); - } - } - } - } -} Added: trunk/lib/core/WikiPlugin/Negotiator/Wiki.php =================================================================== --- trunk/lib/core/WikiPlugin/Negotiator/Wiki.php (rev 0) +++ trunk/lib/core/WikiPlugin/Negotiator/Wiki.php 2012-10-16 20:24:28 UTC (rev 43479) @@ -0,0 +1,723 @@ +<?php +// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project +// +// All Rights Reserved. See copyright.txt for details and a complete list of authors. +// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. +// $Id: Wiki.php 43477 2012-10-16 20:16:27Z robertplummer $ + +class WikiPlugin_Negotiator_Wiki +{ + public $name; + public $args; + public $body; + public $syntax; + public $closing; + public $info; + public $fingerprint; + public $exists; //exists is set to true only for old style plugin + public $aliasExists; + public $index; + public $key; + public $needsParsed = true; + public $parserLevel = 0; + public $dontModify = false; + public $parser; + public $parserOption; + public $ignored = false; + + private $className; + private $class; //class exists for zend style and injected plugins + private $argParser; + private $page; + private $prefs; + + public static $standardRelativePath = 'lib/wiki-plugins/wikiplugin_'; + public static $zendRelativePath = 'lib/core/'; + public static $checkZendPaths = true; + static $pluginIndexes = array(); + static $pluginInfo = array(); + static $parserLevels = array(); + static $currentParserLevel = 0; + static $pluginsAwaitingExecution = array(); + static $pluginInstances = array(); + static $pluginDetails = array(); + + function __construct(& $parser) + { + $this->parser = & $parser; + $this->page = & $parser->page; + $this->prefs = & $parser->prefs; + $this->parserOption = & $parser->option; + $this->argParser = new WikiParser_PluginArgumentParser; + } + + public function inject($plugin) + { + self::$pluginInstances[get_class($plugin)] = $plugin; + } + + public function eject($className) + { + unset(self::$pluginInstances[$className]); + unset(self::$pluginInfo[$this->name]); + } + + function injectedExists() + { + if (isset(self::$pluginInstances[$this->name]) && gettype(self::$pluginInstances[$this->name]) == 'object') { + return true; + } + + return false; + } + + public function setDetails(& $pluginDetails) + { + $this->name = strtolower($pluginDetails['name']); + $this->className = 'WikiPlugin_' . $this->name; + + if ($this->zendExists() == true) { + if (empty(self::$pluginInstances[$this->className])) self::$pluginInstances[$this->className] = new $this->className; + $this->class = self::$pluginInstances[$this->className]; + } else if ($this->injectedExists() == true) { + $this->class = self::$pluginInstances[$this->name]; + } else { + $this->class = null; + } + + $this->args = $this->argParser->parse($pluginDetails['args']); + $this->body = & $pluginDetails['body']; + $this->key = $pluginDetails['key']; + $this->syntax = $pluginDetails['syntax']; + $this->closing = $pluginDetails['closing']; + $this->ignored = false; + + $this->exists = $this->exists(true); + $this->info = $this->info(); + $this->fingerprint = $this->fingerprint(); + $this->index = $this->incrementIndex(); + + self::$pluginDetails[$this->key] = &$pluginDetails; + } + + private function incrementIndex() + { + if (isset(self::$pluginIndexes[$this->name]) == false) self::$pluginIndexes[$this->name] = 0; + + self::$pluginIndexes[$this->name]++; + + return self::$pluginIndexes[$this->name]; + } + + function execute() + { + $output = ''; + if ($this->enabled($output) == false) { + $this->ignored = true; + return $output->toHtml(); + } + + + if (isset($this->class)) { + if (isset($this->class->parserLevel)) { + $this->parserLevel = $this->class->parserLevel; + + if ($this->parserLevel > self::$currentParserLevel) { + $this->addWaitingPlugin(); + return $this->key; + } else { + + $this->applyFilters(); + $button = $this->button(false); + $result = $this->class->exec($this->body, $this->args, $this->index, $this->parser, $button); + return $result; + } + } + } + + $fnName = strtolower('wikiplugin_' . $this->name); + + if ( $this->exists && function_exists($fnName) ) { + return $fnName($this->body, $this->args, $this->index, $this) . $this->button(); + } + + //If we make it this far, it most likley is a smarty black that can't be executed + $this->ignored = true; + return $this->toSyntax(); + } + + function toSyntax() + { + return $this->syntax . $this->body . $this->closing; + } + + function urlEncodeArgs() + { + $args = '';// not using http_build_query() as it converts spaces into + + if (!empty($this->args)) { + foreach ( $this->args as $argKey => $argValue ) { + if (is_array($argValue)) { + if (isset($this->info['params'][$argKey]['separator'])) { + $sep = $this->info['params'][$argKey]['separator']; + } else { + $sep = ','; + } + $args .= $argKey.'='.implode($sep, $argValue).'&'; + } else { + $args .= $argKey.'='.$argValue.'&'; + } + } + } + + $args = rtrim($args, '&'); + + return $args; + } + + private function addWaitingPlugin() + { + self::$parserLevels[] = $this->class->parserLevel; + sort(self::$parserLevels, SORT_NUMERIC); + array_unique(self::$parserLevels); + self::$pluginsAwaitingExecution[$this->key] = self::$pluginDetails[$this->key]; + } + + public function zendExists() + { + if (isset(self::$pluginInstances[$this->className])) { + return true; + } + + if (self::$checkZendPaths == true) { + return file_exists(str_replace('_', '/', self::$zendRelativePath . $this->className . '.php')) == true && class_exists($this->className) == true; + } else { + return @class_exists($this->className); //error suppression only used in special use cases, like phpunit for testing + } + } + + private function exists($include = false) + { + $phpName = self::$standardRelativePath . strtolower($this->name) . '.php'; + + $exists = file_exists($phpName); + + if ( $include && $exists ) { + include_once $phpName; + } + + if ( $exists ) { + return true; + } + + return false; + } + + function canExecute() + { + global $tikilib, $prefs; + // If validation is disabled, anything can execute + if ( $prefs['wiki_validate_plugin'] != 'y' ) { + return true; + } + + if ( ! isset( $this->info['validate'] ) ) { + return true; + } + + $val = $this->fingerprintCheck(); + + switch($val) { + case 'accept': + return true; + break; + case 'reject': + return 'rejected'; + break; + default: + global $tiki_p_plugin_approve, $tiki_p_plugin_preview; + if ( + isset($_SERVER['REQUEST_METHOD']) + && $_SERVER['REQUEST_METHOD'] == 'POST' + && isset( $_POST['plugin_fingerprint'] ) + && $_POST['plugin_fingerprint'] == $this->fingerprint + ) { + if ( $tiki_p_plugin_approve == 'y' ) { + if ( isset( $_POST['plugin_accept'] ) ) { + $this->fingerprintStore('accept'); + $tikilib->invalidate_cache($this->page); + return true; + } elseif ( isset( $_POST['plugin_reject'] ) ) { + $this->fingerprintStore('reject'); + $tikilib->invalidate_cache($this->page); + return 'rejected'; + } + } + + if ( $tiki_p_plugin_preview == 'y' + && isset( $_POST['plugin_preview'] ) ) { + return true; + } + } + + return $this->fingerprint; + } + } + + function enabled(& $output) + { + if ( ! $this->info ) + return true; // Legacy plugins always execute + + global $prefs; + + $missing = array(); + + if ( isset( $this->info['prefs'] ) ) { + foreach ( $this->info['prefs'] as $pref ) { + if ( isset($prefs[$pref]) && $prefs[$pref] != 'y' ) { + $missing[] = $pref; + } + } + } + + if ( count($missing) > 0 ) { + $output = WikiParser_PluginOutput::disabled($this->name, $missing); + return false; + } + + return true; + } + + function isEditable() + { + global $tiki_p_edit, $prefs, $section; + + return ( + $section == 'wiki page' && + isset($this->info) && + $tiki_p_edit == 'y' && + $prefs['wiki_edit_plugin'] == 'y' && + !$this->isInline() + ); + } + + private function isInline() + { + if ( ! $this->info ) + return true; // Legacy plugins always inline + + if ( isset( $this->info['inline'] ) && $this->info['inline'] ) + return true; + + $inline_pref = 'wikiplugininline_' . $this->name; + if ( isset( $this->prefs[ $inline_pref ] ) && $this->prefs[ $inline_pref ] == 'y' ) + return true; + + return false; + } + + private function fingerprintStore( $type ) + { + global $tikilib; + + if ( $this->page ) { + $objectType = 'wiki page'; + $objectId = $this->page; + } else { + $objectType = ''; + $objectId = ''; + } + + $pluginSecurity = $tikilib->table('tiki_plugin_security'); + $pluginSecurity->delete(array('fingerprint' => $this->fingerprint)); + $pluginSecurity->insert( + array( + 'fingerprint' => $this->fingerprint, + 'status' => $type, + 'added_by' => $this->parser->user, + 'last_objectType' => $objectType, + 'last_objectId' => $objectId + ) + ); + } + + public function info() + { + if ( isset( self::$pluginInfo[$this->name] ) ) { + return self::$pluginInfo[$this->name]; + } + + if (isset($this->class)) { + self::$pluginInfo[$this->name] = $this->class->info(); + if (isset(self::$pluginInfo[$this->name]['params'])) { + self::$pluginInfo[$this->name]['params'] = array_merge(self::$pluginInfo[$this->name]['params'], $this->class->style()); + } + return self::$pluginInfo[$this->name]; + } + + if ( ! $this->exists ) { + return self::$pluginInfo[$this->name] = false; + } + + $funcNameInfo = "wikiplugin_{$this->name}_info"; + + if ( ! function_exists($funcNameInfo) ) { + if ( $info = $this->aliasInfo() ) { + return self::$pluginInfo[$this->name] = $info['description']; + } else { + return self::$pluginInfo[$this->name] = false; + } + } + + return self::$pluginInfo[$this->name] = $funcNameInfo(); + } + + function aliasInfo() + { + global $prefs; + + if (empty($this->name)) { + return false; + } + + $prefName = "pluginalias_" . $this->name; + + if ( ! isset( $prefs[$prefName] ) ) { + return false; + } + + return unserialize($prefs[$prefName]); + } + + + function aliasStore( $name, $data ) + { + /* + Input data structure: + + implementation: other plugin_name + description: + ** Equivalent of plugin info function here ** + body: + input: use|ignore + default: body content to use + params: + token_name: + input: token_name, default uses same name above + default: value to use if missing + encoding: none|html|url - default to none + params: + ; Use input parameter directly + token_name: default value + + ; Custom input parameter replacement + token_name: + pattern: body content to use + params: + token_name: + input: token_name, default uses same name above + default: value to use if missing + encoding: none|html|url - default to none + */ + if (empty($name)) { + return; + } + + $name = TikiLib::strtolower($name); + $data['plugin_name'] = $name; + + $prefName = "pluginalias_$name"; + $tikilib = TikiLib::lib('tiki'); + $tikilib->set_preference($prefName, serialize($data)); + + global $prefs; + $list = array(); + if ( isset($prefs['pluginaliaslist']) ) + $list = unserialize($prefs['pluginaliaslist']); + + if ( ! in_array($name, $list) ) { + $list[] = $name; + $tikilib->set_preference('pluginaliaslist', serialize($list)); + } + + foreach ( glob('temp/cache/wikiplugin_*') as $file ) + unlink($file); + + $cachelib = TikiLib::lib('cache'); + $cachelib->invalidate('plugindesc'); + } + + //* + function aliasDelete() + { + $tikilib = TikiLib::lib('tiki'); + $prefName = "pluginalias_" . $this->name; + + // Remove from list + $list = $tikilib->get_preference('pluginaliaslist', array(), true); + $list = array_diff($list, array( $this->name )); + $this->set_preference('pluginaliaslist', serialize($list)); + + // Remove the definition + $tikilib->delete_preference($prefName); + + // Clear cache + $cachelib = TikiLib::lib('cache'); + $cachelib->invalidate('plugindesc'); + foreach ( glob('temp/cache/wikiplugin_*') as $file ) + unlink($file); + } + + private function fingerprint() + { + $validate = (isset($this->info['validate']) ? $this->info['validate'] : ''); + + if ( $validate == 'all' || $validate == 'body' ) + $validateBody = str_replace('<x>', '', $this->body); // de-sanitize plugin body to make fingerprint consistant with 5.x + else + $validateBody = ''; + + if ( $validate == 'all' || $validate == 'arguments' ) { + $validateArgs = $this->args; + + // Remove arguments marked as safe from the fingerprint + foreach ( $this->info['params'] as $key => $info ) { + if ( isset( $validateArgs[$key] ) + && isset( $info['safe'] ) + && $info['safe'] + ) { + unset($validateArgs[$key]); + } + } + // Parameter order needs to be stable + ksort($validateArgs); + + if (empty($validateArgs)) { + $validateArgs = array( '' => '' ); // maintain compatibility with pre-Tiki 7 fingerprints + } + } else { + $validateArgs = array(); + } + + $bodyLen = str_pad(strlen($validateBody), 6, '0', STR_PAD_RIGHT); + $serialized = serialize($validateArgs); + $argsLen = str_pad(strlen($serialized), 6, '0', STR_PAD_RIGHT); + + $bodyHash = md5($validateBody); + $argsHash = md5($serialized); + + return "$this->name-$bodyHash-$argsHash-$bodyLen-$argsLen"; + } + + private function fingerprintCheck() + { + global $tikilib; + $limit = date('Y-m-d H:i:s', time() - 15*24*3600); + $result = $tikilib->query( + "SELECT status, if(status='pending' AND last_update < ?, 'old', '') flag + FROM tiki_plugin_security + WHERE fingerprint = ?", + array( $limit, $this->fingerprint ) + ); + + $needUpdate = false; + + if ( $row = $result->fetchRow() ) { + $status = $row['status']; + $flag = $row['flag']; + + if ( $status == 'accept' || $status == 'reject' ) { + return $status; + } + + if ( $flag == 'old' ) { + $needUpdate = true; + } + } else { + $needUpdate = true; + } + + if ( $needUpdate && !$this->dontModify ) { + if ( $this->page ) { + $objectType = 'wiki page'; + $objectId = $this->page; + } else { + $objectType = ''; + $objectId = ''; + } + + + $pluginSecurity = $tikilib->table('tiki_plugin_security'); + $pluginSecurity->delete(array('fingerprint' => $this->fingerprint)); + $pluginSecurity->insert( + array( + 'fingerprint' => $this->fingerprint, + 'status' => 'pending', + 'added_by' => $this->parser->user, + 'last_objectType' => $objectType, + 'last_objectId' => $objectId + ) + ); + } + + return ''; + } + + private function applyFilters() + { + global $tikilib; + + $default = TikiFilter::get(isset( $this->info['defaultfilter'] ) ? $this->info['defaultfilter'] : 'xss'); + + // Apply filters on the body + $filter = isset($this->info['filter']) ? TikiFilter::get($this->info['filter']) : $default; + $this->body = $filter->filter($this->body); + + if (!$this->parser->getOption('is_html')) { + $noparsed = array('data' => array(), 'key' => array()); + //$this->striUnparsedBlock($this->body, $noparsed); + $body = str_replace(array('<', '>'), array('<', '>'), $this->body); + foreach ($noparsed['data'] as &$instance) { + $instance = '~np~' . $instance . '~/np~'; + } + unset($instance); + $this->body = str_replace($noparsed['key'], $noparsed['data'], $body); + } + + // Make sure all arguments are declared + $params = & $this->info['params']; + if ( ! isset( $this->info['extraparams'] ) && is_array($params) ) { + $this->args = array_intersect_key($this->args, $params); + } + + // Apply filters on values individually + if (!empty($this->args)) { + foreach ( $this->args as $argKey => &$argValue ) { + $paramInfo = $params[$argKey]; + $filter = isset($paramInfo['filter']) ? TikiFilter::get($paramInfo['filter']) : $default; + $argValue = TikiLib::htmldecode($argValue); + + if ( isset($paramInfo['separator']) ) { + $vals = $tikilib->array_apply_filter($tikilib->multi_explode($paramInfo['separator'], $argValue), $filter); + + $argValue = array_values($vals); + } else { + $argValue = $filter->filter($argValue); + } + } + } + } + + function button($wrapInNp = true) + { + global $headerlib, $smarty; + + if ( + $this->isEditable() && + !$this->parser->getOption('preview_mode') && + !$this->parser->getOption('indexing') && + !$this->parser->getOption('print') && + !$this->parser->getOption('suppress_icons') && + !$this->parser->getOption('preview_mode') + ) { + $id = 'plugin-edit-' . $this->name . $this->index; + $iconDisplayStyle = ''; + if ( + $this->prefs['wiki_edit_icons_toggle'] == 'y' && + ( + $this->prefs['wiki_edit_plugin'] == 'y' || $this->prefs['wiki_edit_section'] == 'y' + ) + ) { + if (!isset($_COOKIE['wiki_plugin_edit_view'])) { + $iconDisplayStyle = ' style="display:none;"'; + } + } + + $headerlib->add_jsfile('tiki-jsplugin.php?language='.$this->prefs['language'], 'dynamic'); + if ($this->prefs['wikiplugin_module'] === 'y' && $this->prefs['wikiplugininline_module'] === 'n') { + $headerlib->add_jsfile('tiki-jsmodule.php?language='.$this->prefs['language'], 'dynamic'); + } + + $headerlib->add_jq_onready( + '$("#' . $id . '") + .click( function(event) {' + . ' popup_plugin_form(' + . json_encode('editwiki') . ', ' + . json_encode($this->name) . ', ' + . json_encode($this->index) . ', ' + . json_encode($this->page) . ', ' + . json_encode($this->args) . ', ' + . json_encode($this->body) + . ' , event.target' + . ' );' + . ' return false;' + . '})' + . '.hover(function() {' + . ' $(this).prev().addClass("ui-state-highlight");' + . '}, function() { ' + . ' $(this).prev().removeClass("ui-state-highlight");' + . '});' + ); + include_once('lib/smarty_tiki/function.icon.php'); + + $button = '<a id="' . $id . '" class="editplugin"' . $iconDisplayStyle . '>' . + smarty_function_icon(array('_id'=>'wiki_plugin_edit', 'alt'=>tra('Edit Plugin') . ':' . $this->name), $smarty) . + '</a>' + ; + + if ($wrapInNp == false) return $button; + + return '~np~' . $button . '~/np~'; + } + + return ''; + } + + function blockFromExecution($status = '') + { + global $smarty; + $smarty->assign('plugin_fingerprint', $status); + $smarty->assign('plugin_name', $this->name); + $smarty->assign('plugin_index', 0); + $smarty->assign('plugin_status', $status); + + global $tiki_p_plugin_viewdetail, $tiki_p_plugin_preview, $tiki_p_plugin_approve; + $details = $tiki_p_plugin_viewdetail == 'y' && $status != 'rejected'; + $preview = $tiki_p_plugin_preview == 'y' && $details && ! $this->parser->getOption('preview_mode'); + $approve = $tiki_p_plugin_approve == 'y' && $details && ! $this->parser->getOption('preview_mode'); + + if ($this->parser->getOption('inside_pretty')) { + $smarty->assign('plugin_details', ''); + } else { + $smarty->assign('plugin_details', $details); + } + + $smarty->assign('plugin_preview', $preview); + $smarty->assign('plugin_approve', $approve); + + $smarty->assign('plugin_body', $this->body); + $smarty->assign('plugin_args', $this->args); + + return trim($smarty->fetch('tiki-plugin_blocked.tpl')); + } + + function executeAwaiting(&$input) + { + foreach (self::$parserLevels as &$level) { + self::$currentParserLevel = $level; + foreach (self::$pluginsAwaitingExecution as &$pluginDetails) { + $this->setDetails($pluginDetails); + + if (self::$currentParserLevel == $level && strstr($input, $this->key)) { + $this->parser->plugin[$this->key] = $this->body; + + $result = $this->parser->parsePlugin($this->execute()); + + $input = str_replace($this->key, $result, $input); + + unset($pluginDetails); + } + } + } + } +} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |