From 1015a57dff9a6f85b8e0534d280aa1e09945a598 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sat, 16 Feb 2013 21:08:09 +0000 Subject: FS#2415 add to mediamanager (refactor pageinfo() and shift MEDIAMANAGER_STARTED after mediainfo() sets up ) --- inc/common.php | 68 ++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 21 deletions(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index 28b527633..d4265f78c 100644 --- a/inc/common.php +++ b/inc/common.php @@ -86,32 +86,20 @@ function formSecurityToken($print = true) { } /** - * Return info about the current document as associative - * array. + * Determine basic information for a request of $id * - * @author Andreas Gohr + * @param unknown_type $id + * @param unknown_type $httpClient */ -function pageinfo() { - global $ID; - global $REV; - global $RANGE; +function basicinfo($id, $htmlClient=true){ global $USERINFO; - global $lang; - - // include ID & REV not redundant, as some parts of DokuWiki may temporarily change $ID, e.g. p_wiki_xhtml - // FIXME ... perhaps it would be better to ensure the temporary changes weren't necessary - $info['id'] = $ID; - $info['rev'] = $REV; // set info about manager/admin status. $info['isadmin'] = false; $info['ismanager'] = false; if(isset($_SERVER['REMOTE_USER'])) { - $sub = new Subscription(); - $info['userinfo'] = $USERINFO; - $info['perm'] = auth_quickaclcheck($ID); - $info['subscribed'] = $sub->user_subscription(); + $info['perm'] = auth_quickaclcheck($id); $info['client'] = $_SERVER['REMOTE_USER']; if($info['perm'] == AUTH_ADMIN) { 
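Review bot: In the logged-in branch of basicinfo() the removed `$info['userinfo'] = $USERINFO;` has no replacement anywhere in this hunk even though `global $USERINFO;` is kept, so unless a later hunk restores it, every caller of pageinfo() loses `$INFO['userinfo']` — which templates and ACL-aware code presumably read for the user's group list. If that is unintended, keep `$info['userinfo'] = $USERINFO;` beside the new `$info['perm'] = auth_quickaclcheck($id);`; if it is intended, drop the now-unused `global $USERINFO;`. The new docblock also documents `$httpClient` while the parameter is named `$htmlClient`. basicinfo() continues past the end of this hunk.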
@@ -127,12 +115,40 @@ function pageinfo() { } } else { - $info['perm'] = auth_aclcheck($ID, '', null); + $info['perm'] = auth_aclcheck($id, '', null); $info['subscribed'] = false; $info['client'] = clientIP(true); } - $info['namespace'] = getNS($ID); + $info['namespace'] = getNS($id); + + // mobile detection + if ($htmlClient) { + $info['ismobile'] = clientismobile(); + } + + return $info; + } + +/** + * Return info about the current document as associative + * array. + * + * @author Andreas Gohr + */ +function pageinfo() { + global $ID; + global $REV; + global $RANGE; + global $lang; + + $info = basicinfo($ID); + + // include ID & REV not redundant, as some parts of DokuWiki may temporarily change $ID, e.g. p_wiki_xhtml + // FIXME ... perhaps it would be better to ensure the temporary changes weren't necessary + $info['id'] = $ID; + $info['rev'] = $REV; + $info['locked'] = checklock($ID); $info['filepath'] = fullpath(wikiFN($ID)); $info['exists'] = @file_exists($info['filepath']); @@ -210,8 +226,18 @@ function pageinfo() { } } - // mobile detection - $info['ismobile'] = clientismobile(); + return $info; +} + +/** + * Return information about the current media item as an associative array. + */ +function mediainfo(){ + global $NS; + global $IMG; + + $info = basicinfo("$NS:*"); + $info['image'] = $IMG; return $info; } -- cgit v1.2.3 From 7e87a794494ea987ebc31decd939a25d44a5c00d Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 17 Feb 2013 20:03:38 +0000 Subject: fix missing 'subscribed' key --- inc/common.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index d4265f78c..5c28cf9c3 100644 --- a/inc/common.php +++ b/inc/common.php 
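Review bot: `basicinfo("$NS:*")` in the new mediainfo() makes `$info['perm']` the ACL result for the namespace wildcard, not for the selected item `$IMG`, so a rule written for one media id inside `$NS` is not reflected in it; code that authorizes viewing, uploading or deleting `$IMG` must not take `$INFO['perm']` as the per-item answer and needs its own `auth_quickaclcheck($IMG)`. That limit belongs in the docblock, e.g. `* Note: 'perm' is the permission on the namespace ($NS:*), not on $IMG itself.` `$IMG` is also stored as-is; if consumers expect a cleaned id, say so or pass it through cleanID() here. This applies to the `@@ -210,8 +226,18 @@` hunk of mediainfo().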
@@ -88,8 +88,8 @@ function formSecurityToken($print = true) { /** * Determine basic information for a request of $id * - * @param unknown_type $id - * @param unknown_type $httpClient + * @author Andreas Gohr + * @author Chris Smith */ function basicinfo($id, $htmlClient=true){ global $USERINFO; @@ -116,7 +116,6 @@ function basicinfo($id, $htmlClient=true){ } else { $info['perm'] = auth_aclcheck($id, '', null); - $info['subscribed'] = false; $info['client'] = clientIP(true); } @@ -149,6 +148,13 @@ function pageinfo() { $info['id'] = $ID; $info['rev'] = $REV; + if(isset($_SERVER['REMOTE_USER'])) { + $sub = new Subscription(); + $info['subscribed'] = $sub->user_subscription(); + } else { + $info['subscribed'] = false; + } + $info['locked'] = checklock($ID); $info['filepath'] = fullpath(wikiFN($ID)); $info['exists'] = @file_exists($info['filepath']); -- cgit v1.2.3 From 826d276602b191ee09d3450f7a8f9476c0e787b1 Mon Sep 17 00:00:00 2001 From: Klap-in Date: Tue, 21 May 2013 12:06:16 +0200 Subject: Clean internal ids in ml(), that it matches with fetch.php The resize token was broken because fetch.php cleans the id before the token calculation, while ml() uses the raw id --- inc/common.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index 4d939ac77..03236f7d4 100644 --- a/inc/common.php +++ b/inc/common.php @@ -435,6 +435,11 @@ function exportlink($id = '', $format = 'raw', $more = '', $abs = false, $sep = */ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) { global $conf; + $isexternalimage = preg_match('#^(https?|ftp)://#i', $id); + if(!$isexternalimage) { + $id = cleanID($id); + } + if(is_array($more)) { // add token for resized images if($more['w'] || $more['h']){ 
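Review bot: The rewritten basicinfo() docblock (`@@ -88,8 +88,8 @@`) replaces the mistyped `@param` lines with author tags, so `$id` and `$htmlClient` end up undocumented even though `$htmlClient` is the only switch the function has — it gates `clientismobile()` further down, outside this hunk. I would add `@param string $id         page or media id the permission is resolved for`, `@param bool   $htmlClient run client (mobile) detection; pass false for non-HTML callers` and `@return array`. The function body continues below the hunk.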
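Review bot: The normalization added at the top of ml() (`@@ -435,6 +435,11 @@`) only works if fetch.php applies the same external-URL test and the same cleanID() before it recomputes the token; that contract is invisible here and the bare `cleanID($id)` gives the next editor no hint, so I would add `// fetch.php computes the resize token over cleanID($id); normalize here so the tokens agree` above the `if(!$isexternalimage)` and note in the docblock that internal ids are cleaned while external URLs pass through untouched. ml() continues beyond this hunk.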
@@ -467,7 +472,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
     }
 
     // external URLs are always direct without rewriting
-    if(preg_match('#^(https?|ftp)://#i', $id)) {
+    if($isexternalimage) {
         $xlink .= 'lib/exe/fetch.php';
         // add hash:
         $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6);
--
cgit v1.2.3

From cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Fri, 31 May 2013 09:22:45 +0200
Subject: use hmac for external ressource hash FS#2794

---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 4d939ac77..e096d8b30 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -470,7 +470,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
     if(preg_match('#^(https?|ftp)://#i', $id)) {
         $xlink .= 'lib/exe/fetch.php';
         // add hash:
-        $xlink .= '?hash='.substr(md5(auth_cookiesalt().$id), 0, 6);
+        $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
         if($more) {
             $xlink .= $sep.$more;
             $xlink .= $sep.'media='.rawurlencode($id);
--
cgit v1.2.3

From a132f948f22ae344760ee3da82f9f92cf0f18b7b Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Fri, 31 May 2013 09:25:43 +0200
Subject: use HMAC for CSRF security tokens FS#2794

---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index e096d8b30..55c5b5ac4 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -56,7 +56,7 @@ function stripctl($string) {
  * @return string
  */
 function getSecurityToken() {
-    return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']);
+    return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt());
 }
 
 /**
--
cgit v1.2.3

From b9ee6a44e7499b5c2e9f117096cedc769ef2e25d Mon Sep 17 00:00:00 2001
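Review bot: Switching the external-resource hash to `PassHash::hmac('md5', $id, auth_cookiesalt())` closes the length-extension weakness of `md5(salt.id)`, but the `substr(…, 0, 6)` that follows keeps only 24 bits, which anyone able to reach lib/exe/fetch.php can brute-force online in at most ~16.7 million requests to make the wiki fetch an arbitrary URL on their behalf. If the hash is meant to be the access control for external fetches rather than a cache-busting hint, take more of the digest (`substr(…, 0, 16)` or the full value) and add a comment stating what it protects. The verifying side in fetch.php is not in this diff, so also confirm it compares the full submitted value strictly; ml() continues outside the hunk.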
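Review bot: `getSecurityToken()` now reads `$_SERVER['REMOTE_USER']` inside the HMAC input with no isset() guard, so any anonymous request that renders a form through formSecurityToken() (not shown here) emits an undefined-index notice and hashes an empty string; `$user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';` followed by `return PassHash::hmac('md5', session_id().$user, auth_cookiesalt());` keeps the same output for logged-in users. The docblock above shows only `@return string`; it should say the token is an HMAC keyed with auth_cookiesalt() and bound to the session id and user name, so a session rotation or salt change invalidates it. A separator between session_id() and the user name (e.g. `':'`) would make the input unambiguous, at the cost of invalidating tokens already issued.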
From: Klap-in
Date: Sun, 9 Jun 2013 23:04:52 +0200
Subject: apply media_isexternal in ml()

---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 59ceb0c0d..5f045e72d 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -435,7 +435,7 @@ function exportlink($id = '', $format = 'raw', $more = '', $abs = false, $sep =
  */
 function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false) {
     global $conf;
-    $isexternalimage = preg_match('#^(https?|ftp)://#i', $id);
+    $isexternalimage = media_isexternal($id);
     if(!$isexternalimage) {
         $id = cleanID($id);
     }
--
cgit v1.2.3

From e0086ca277bafe4f068079a4655a5601914a6f03 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Wed, 12 Jun 2013 21:45:37 +0200
Subject: check for spam in summary as well, added common spam summary

---
 inc/common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 59ceb0c0d..760a9f6dc 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -557,12 +557,13 @@ function checkwordblock($text = '') {
     global $TEXT;
     global $PRE;
     global $SUF;
+    global $SUM;
     global $conf;
     global $INFO;
 
     if(!$conf['usewordblock']) return false;
 
-    if(!$text) $text = "$PRE $TEXT $SUF";
+    if(!$text) $text = "$PRE $TEXT $SUF $SUM";
 
     // we prepare the text a tiny bit to prevent spammers circumventing URL checks
     $text = preg_replace('!(\b)(www\.[\w.:?\-;,]+?\.[\w.:?\-;,]+?[\w/\#~:.?+=&%@\!\-.:?\-;,]+?)([.:?\-;,]*[^\w/\#~:.?+=&%@\!\-.:?\-;,])!i', '\1http://\2 \2\3', $text);
--
cgit v1.2.3

From 07ff0babae240ba072a3bc8b83a989c4305c24cd Mon Sep 17 00:00:00 2001
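Review bot: `$SUM` is folded into the screened text only in the fallback `if(!$text) $text = "$PRE $TEXT $SUF $SUM";`, so callers that pass their own `$text` still get no summary check, and `!$text` also treats a submitted text of `'0'` as empty and silently swaps in the globals. I would at least record the contract in the docblock above the hunk: `@param string $text text to check; if empty, the current edit ($PRE/$TEXT/$SUF) plus its summary ($SUM) is screened — callers supplying $text must include the summary themselves`, and use `$text === ''` for the fallback test unless the `'0'` case is deliberate. checkwordblock() continues past the hunk.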
From: Michael Hamann
Date: Wed, 31 Jul 2013 17:20:00 +0200
Subject: Fix the useheading cache invalidation for hidden pages, add tests

This adds a new parameter to ft_backlinks() to ignore permissions which is needed for invalidating the cache of linking pages with useheading enabled. This also adds various test cases for ft_backlinks().
---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 1b4d9e8e4..bff6e80de 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -1130,7 +1130,7 @@ function saveWikiText($id, $text, $summary, $minor = false) {
 
     // if useheading is enabled, purge the cache of all linking pages
     if(useHeading('content')) {
-        $pages = ft_backlinks($id);
+        $pages = ft_backlinks($id, true);
         foreach($pages as $page) {
             $cache = new cache_renderer($page, wikiFN($page), 'xhtml');
             $cache->removeCache();
--
cgit v1.2.3

From cc036f74ff14c387f24d72f5a52f2f158208846e Mon Sep 17 00:00:00 2001
From: Klap-in
Date: Thu, 1 Aug 2013 23:06:03 +0200
Subject: remove hash for external images, but use token url parameter instead

---
 inc/common.php | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 1b4d9e8e4..a34cf96c0 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -148,7 +148,7 @@ function pageinfo() {
     $info['id'] = $ID;
     $info['rev'] = $REV;
 
-    if(isset($_SERVER['REMOTE_USER'])) {
+    if(isset($_SERVER['REMOTE_USER'])) {
         $sub = new Subscription();
         $info['subscribed'] = $sub->user_subscription();
     } else {
@@ -474,7 +474,7 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
 
     if(is_array($more)) {
         // add token for resized images
-        if($more['w'] || $more['h']){
+        if($more['w'] || $more['h'] || $isexternalimage){
             $more['tok'] = media_get_token($id,$more['w'],$more['h']);
         }
         // strip defaults for shorter URLs
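Review bot: The bare `true` in `$pages = ft_backlinks($id, true);` bypasses ACLs with nothing at the call site saying why that is safe, which is exactly the kind of line a later reader will "fix" back. Add the reason: `// ignore ACLs: the cache of a linking page must be purged even when the saving user may not read it; the list is only used for invalidation`. As long as `$pages` is only fed to cache_renderer, as it is in this hunk, no hidden page id is disclosed, but any future use of the list in a response would need its own permission filter. saveWikiText() starts before this hunk.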
@@ -485,12 +485,13 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
         $more = buildURLparams($more, $sep);
     } else {
         $matches = array();
-        if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER)){
+        if (preg_match_all('/\b(w|h)=(\d*)\b/',$more,$matches,PREG_SET_ORDER) || $isexternalimage){
             $resize = array('w'=>0, 'h'=>0);
             foreach ($matches as $match){
                 $resize[$match[1]] = $match[2];
             }
-            $more .= $sep.'tok='.media_get_token($id,$resize['w'],$resize['h']);
+            $more .= $more === '' ? '' : $sep;
+            $more .= 'tok='.media_get_token($id,$resize['w'],$resize['h']);
         }
         $more = str_replace('cache=cache', '', $more); //skip default
         $more = str_replace(',,', ',', $more);
@@ -506,14 +507,8 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
 
     // external URLs are always direct without rewriting
     if($isexternalimage) {
         $xlink .= 'lib/exe/fetch.php';
-        // add hash:
-        $xlink .= '?hash='.substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
-        if($more) {
-            $xlink .= $sep.$more;
-            $xlink .= $sep.'media='.rawurlencode($id);
-        } else {
-            $xlink .= $sep.'media='.rawurlencode($id);
-        }
+        $xlink .= '?'.$more;
+        $xlink .= $sep.'media='.rawurlencode($id);
         return $xlink;
     }
--
cgit v1.2.3

From 75e4dd8a2ec6c181e99877919b5a2b529407752a Mon Sep 17 00:00:00 2001
From: Gerrit Uitslag
Date: Tue, 8 Oct 2013 00:06:46 +0200
Subject: Use in cookie a correct path, added DOKU_COOKIEPATH to js constants Fixes FS#2837

---
 inc/common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 3312141c8..866e0aadd 100644
--- a/inc/common.php
+++ b/inc/common.php
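Review bot: With the `?hash=` parameter and its check gone from the external branch of ml(), the only thing left that stops lib/exe/fetch.php from acting as an open fetch proxy is the `tok` value the earlier hunks now always append for external ids; the receiving check is not in this diff, so confirm fetch.php rejects external media whose `tok` is missing or wrong and computes `media_get_token()` over the same raw (uncleaned) `$id` — otherwise this commit weakens the protection instead of moving it. `'?'.$more` followed by `$sep.'media='` also assumes `$more` is non-empty, which holds only because of the `|| $isexternalimage` branches above; a comment such as `// $more always carries tok= for external ids, so the '?' is never left dangling` would guard that coupling. ml() starts before this hunk.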
@@ -1625,7 +1625,8 @@ function set_doku_pref($pref, $val) {
     }
 
     if (!empty($cookieVal)) {
-        setcookie('DOKU_PREFS', $cookieVal, time()+365*24*3600, DOKU_BASE, '', ($conf['securecookie'] && is_ssl()));
+        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
+        setcookie('DOKU_PREFS', $cookieVal, time()+365*24*3600, $cookieDir, '', ($conf['securecookie'] && is_ssl()));
     }
 }
--
cgit v1.2.3

From 443e135d59e9d227eec818dabf9ee64d7a73d474 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 16 Oct 2013 22:04:01 +0100
Subject: replace boolean conditional checks on possibly uninitialized vars with \!empty/empty/isset as appropriate

---
 inc/common.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 866e0aadd..32771285b 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -64,7 +64,7 @@ function getSecurityToken() {
  */
 function checkSecurityToken($token = null) {
     global $INPUT;
-    if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check
+    if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check
     if(is_null($token)) $token = $INPUT->str('sectok');
 
     if(getSecurityToken() != $token) {
@@ -474,13 +474,13 @@ function ml($id = '', $more = '', $direct = true, $sep = '&', $abs = false)
 
     if(is_array($more)) {
         // add token for resized images
-        if($more['w'] || $more['h'] || $isexternalimage){
+        if(!empty($more['w']) || !empty($more['h']) || $isexternalimage){
             $more['tok'] = media_get_token($id,$more['w'],$more['h']);
         }
         // strip defaults for shorter URLs
         if(isset($more['cache']) && $more['cache'] == 'cache') unset($more['cache']);
-        if(!$more['w']) unset($more['w']);
-        if(!$more['h']) unset($more['h']);
+        if(empty($more['w'])) unset($more['w']);
+        if(empty($more['h'])) unset($more['h']);
         if(isset($more['id']) && $direct) unset($more['id']);
         $more = buildURLparams($more, $sep);
     } else {
--
cgit v1.2.3
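Review bot: The rewritten `setcookie('DOKU_PREFS', …)` call sets no `httponly` flag and carries no comment explaining why; the commit message says DOKU_COOKIEPATH is exported to JavaScript, which suggests the prefs cookie is handled client-side and so cannot be httponly — if that is the reason, write it down: `// not httponly: DOKU_PREFS is also read/written by client-side JS (DOKU_COOKIEPATH)`. `$cookieDir` falls back to DOKU_REL only when `$conf['cookiedir']` is empty, so a non-empty but malformed value is used as the path unchecked; if the auth code derives the same cookie path elsewhere, reuse that helper rather than duplicating the expression. set_doku_pref() starts before this hunk.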
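Review bot: `if(getSecurityToken() != $token)` in checkSecurityToken() still compares the hex digest with a user-supplied string using loose `!=`: PHP's `==` treats two numeric-looking strings such as `0e12…` as equal numbers, so a submitted `0e…` value matches any real token of that shape, and the comparison is not constant-time either. Compare strictly and timing-safely: `if(!hash_equals(getSecurityToken(), (string) $token)) {` (PHP 5.6+), or at minimum `!==` with an explicit string cast. The new `empty($_SERVER['REMOTE_USER'])` also treats a user literally named `0` as anonymous and skips the CSRF check for them; `!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === ''` avoids that. checkSecurityToken() ends outside the hunk.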