diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-10-28 20:22:05 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-10-28 20:22:05 +0100 |
| commit | 23a363f01514464eb2238ac09ec7723d03d57ecb (patch) | |
| tree | 42c7dcff8c5b0e506a25d08ee5583ed2a24e8602 /inc/common.php | |
| parent | 25e48e54df60b3df6efa365daceb3a8966c8f427 (diff) | |
| parent | 75cf672f10a71f7dee6d50eb70b742689838bc36 (diff) | |
| download | rpg-23a363f01514464eb2238ac09ec7723d03d57ecb.tar.gz rpg-23a363f01514464eb2238ac09ec7723d03d57ecb.tar.bz2 | |
Merge branch 'master' into stable
* master: (413 commits)
release preparation
fixed strict violation in ACL plugin
Fix issues from teams:i18n:translation-check in localizations
ensure locale is set back to the original value
skip FS#2867 test if \s doesn't match \xA0 after attempting to change the locale
unittests for auth_loadACL
translation update
allow charset for SSO to be configured FS#2148
Mailer: avoid overlong headers in content ids FS#2868
translation update
translation update
replace \s, \S with [ \t], [^ \t] in regexs used with acls
translation update
translation update
translation update
translation update
Fix handling of the legacy subscription action name
remove obsolete opera handling and session closing
remove no longer used ajax.php
fix proxy CONNECT where HTTP 1.1 answer is given
...
Diffstat (limited to 'inc/common.php')
| -rw-r--r-- | inc/common.php | 109 |
1 files changed, 69 insertions, 40 deletions
diff --git a/inc/common.php b/inc/common.php index 03236f7d4..32771285b 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,7 +56,7 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']); + return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); } /** @@ -64,7 +64,7 @@ function getSecurityToken() { */ function checkSecurityToken($token = null) { global $INPUT; - if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check + if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check if(is_null($token)) $token = $INPUT->str('sectok'); if(getSecurityToken() != $token) { @@ -86,32 +86,20 @@ function formSecurityToken($print = true) { } /** - * Return info about the current document as associative - * array. + * Determine basic information for a request of $id * * @author Andreas Gohr <andi@splitbrain.org> + * @author Chris Smith <chris@jalakai.co.uk> */ -function pageinfo() { - global $ID; - global $REV; - global $RANGE; +function basicinfo($id, $htmlClient=true){ global $USERINFO; - global $lang; - - // include ID & REV not redundant, as some parts of DokuWiki may temporarily change $ID, e.g. p_wiki_xhtml - // FIXME ... perhaps it would be better to ensure the temporary changes weren't necessary - $info['id'] = $ID; - $info['rev'] = $REV; // set info about manager/admin status. $info['isadmin'] = false; $info['ismanager'] = false; if(isset($_SERVER['REMOTE_USER'])) { - $sub = new Subscription(); - $info['userinfo'] = $USERINFO; - $info['perm'] = auth_quickaclcheck($ID); - $info['subscribed'] = $sub->user_subscription(); + $info['perm'] = auth_quickaclcheck($id); $info['client'] = $_SERVER['REMOTE_USER']; if($info['perm'] == AUTH_ADMIN) { @@ -127,12 +115,46 @@ function pageinfo() { } } else { - $info['perm'] = auth_aclcheck($ID, '', null); - $info['subscribed'] = false; + $info['perm'] = auth_aclcheck($id, '', null); $info['client'] = clientIP(true); } - $info['namespace'] = getNS($ID); + $info['namespace'] = getNS($id); + + // mobile detection + if ($htmlClient) { + $info['ismobile'] = clientismobile(); + } + + return $info; + } + +/** + * Return info about the current document as associative + * array. + * + * @author Andreas Gohr <andi@splitbrain.org> + */ +function pageinfo() { + global $ID; + global $REV; + global $RANGE; + global $lang; + + $info = basicinfo($ID); + + // include ID & REV not redundant, as some parts of DokuWiki may temporarily change $ID, e.g. p_wiki_xhtml + // FIXME ... perhaps it would be better to ensure the temporary changes weren't necessary + $info['id'] = $ID; + $info['rev'] = $REV; + + if(isset($_SERVER['REMOTE_USER'])) { + $sub = new Subscription(); + $info['subscribed'] = $sub->user_subscription(); + } else { + $info['subscribed'] = false; + } + $info['locked'] = checklock($ID); $info['filepath'] = fullpath(wikiFN($ID)); $info['exists'] = @file_exists($info['filepath']); @@ -210,8 +232,18 @@ function pageinfo() { } } - // mobile detection - $info['ismobile'] = clientismobile(); + return $info; +} + +/** + * Return information about the current media item as an associative array. + */ +function mediainfo(){ + global $NS; + global $IMG; + + $info = basicinfo("$NS:*"); + $info['image'] = $IMG; return $info; } @@ -435,30 +467,31 @@ function exportlink($id = '', $format = 'raw', $more = '', $abs = false, $sep = */ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) { global $conf; - $isexternalimage = preg_match('#^(https?|ftp)://#i', $id); + $isexternalimage = media_isexternal($id); if(!$isexternalimage) { $id = cleanID($id); } if(is_array($more)) { // add token for resized images - if($more['w'] || $more['h']){ + if(!empty($more['w']) || !empty($more['h']) || $isexternalimage){ $more['tok'] = media_get_token($id,$more['w'],$more['h']); } // strip defaults for shorter URLs if(isset($more['cache']) && $more['cache'] == 'cache') unset($more['cache']); - if(!$more['w']) unset($more['w']); - if(!$more['h']) unset($more['h']); + if(empty($more['w'])) unset($more['w']); + if(empty($more['h'])) unset($more['h']); if(isset($more['id']) && $direct) unset($more['id']); $more = buildURLparams($more, $sep); } else { $matches = array(); - if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){ + if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER) || $isexternalimage){ $resize = array('w'=>0, 'h'=>0); foreach ($matches as $match){ $resize[$match[1]] = $match[2]; } - $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']); + $more .= $more === '' ? '' : $sep; + $more .= 'tok='.media_get_token($id,$resize['w'],$resize['h']); } $more = str_replace('cache=cache', '', $more); //skip default $more = str_replace(',,', ',', $more); @@ -474,14 +507,8 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) // external URLs are always direct without rewriting if($isexternalimage) { $xlink .= 'lib/exe/fetch.php'; - // add hash: - $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6); - if($more) { - $xlink .= $sep.$more; - $xlink .= $sep.'media='.rawurlencode($id); - } else { - $xlink .= $sep.'media='.rawurlencode($id); - } + $xlink .= '?'.$more; + $xlink .= $sep.'media='.rawurlencode($id); return $xlink; } @@ -557,12 +584,13 @@ function checkwordblock($text = '') { global $TEXT; global $PRE; global $SUF; + global $SUM; global $conf; global $INFO; if(!$conf['usewordblock']) return false; - if(!$text) $text = "$PRE $TEXT $SUF"; + if(!$text) $text = "$PRE $TEXT $SUF $SUM"; // we prepare the text a tiny bit to prevent spammers circumventing URL checks $text = preg_replace('!(\b)(www\.[\w.:?\-;,]+?\.[\w.:?\-;,]+?[\w/\#~:.?+=&%@\!\-.:?\-;,]+?)([.:?\-;,]*[^\w/\#~:.?+=&%@\!\-.:?\-;,])!i', '\1http://\2 \2\3', $text); @@ -1097,7 +1125,7 @@ function saveWikiText($id, $text, $summary, $minor = false) { // if useheading is enabled, purge the cache of all linking pages if(useHeading('content')) { - $pages = ft_backlinks($id); + $pages = ft_backlinks($id, true); foreach($pages as $page) { $cache = new cache_renderer($page, wikiFN($page), 'xhtml'); $cache->removeCache(); @@ -1597,7 +1625,8 @@ function set_doku_pref($pref, $val) { } if (!empty($cookieVal)) { - setcookie('DOKU_PREFS', $cookieVal, time()+365*24*3600, DOKU_BASE, '', ($conf['securecookie'] && is_ssl())); + $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; + setcookie('DOKU_PREFS', $cookieVal, time()+365*24*3600, $cookieDir, '', ($conf['securecookie'] && is_ssl())); } } |