7 * LICENSE: This source file is licensed under the terms of the GNU General Public License.
9 * @package Magic3 Framework
10 * @author 平田直毅(Naoki Hirata) <naoki@aplo.co.jp>
11 * @copyright Copyright 2006-2009 Magic3 Project.
12 * @license http://www.gnu.org/copyleft/gpl.html GPL License
13 * @version SVN: $Id: paint.inc.php 1601 2009-03-21 05:51:06Z fishbone $
14 * @link http://www.magic3.org
18 * #paint(width,height)
24 define('PAINT_INSERT_INS',0);
27 define('PAINT_DEFAULT_WIDTH',80);
28 define('PAINT_DEFAULT_HEIGHT',60);
31 define('PAINT_MAX_WIDTH',320);
32 define('PAINT_MAX_HEIGHT',240);
34 // アプレット領域の幅と高さ 50x50未満で別ウインドウが開く
35 define('PAINT_APPLET_WIDTH',800);
36 define('PAINT_APPLET_HEIGHT',300);
39 define('PAINT_NAME_FORMAT','[[$name]]');
40 define('PAINT_MSG_FORMAT','$msg');
41 define('PAINT_NOW_FORMAT','&new{$now};');
43 define('PAINT_FORMAT',"\x08MSG\x08 -- \x08NAME\x08 \x08NOW\x08");
45 define('PAINT_FORMAT_NOMSG',"\x08NAME\x08 \x08NOW\x08");
47 function plugin_paint_action()
49 global $script, $vars, $pkwk_dtd, $_paint_messages;
51 if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
54 $retval['msg'] = $_paint_messages['msg_title'];
57 if (array_key_exists('attach_file',$_FILES)
58 and array_key_exists('refer',$vars))
60 $file = $_FILES['attach_file'];
61 //BBSPaiter.jarは、shift-jisで内容を送ってくる。面倒なのでページ名はエンコードしてから送信させるようにした。
62 $vars['page'] = $vars['refer'] = decode($vars['refer']);
64 $filename = $vars['filename'];
65 $filename = mb_convert_encoding($filename,SOURCE_ENCODING,'auto');
68 $attachname = preg_replace('/^[^\.]+/',$filename,$file['name']);
69 //すでに存在した場合、 ファイル名に'_0','_1',...を付けて回避(姑息)
71 while (file_exists(UPLOAD_DIR.encode($vars['refer']).'_'.encode($attachname)))
73 $attachname = preg_replace('/^[^\.]+/',$filename.$count++,$file['name']);
76 $file['name'] = $attachname;
78 if (!exist_plugin('attach') or !function_exists('attach_upload'))
80 return array('msg'=>'attach.inc.php not found or not correct version.');
83 $retval = attach_upload($file,$vars['refer'],TRUE);
84 if ($retval['result'] == TRUE)
86 $retval = paint_insert_ref($file['name']);
92 $r_refer = $s_refer = '';
93 if (array_key_exists('refer',$vars))
95 $r_refer = rawurlencode($vars['refer']);
96 $s_refer = htmlspecialchars($vars['refer']);
98 $link = "<p><a href=\"$script?$r_refer\">$s_refer</a></p>";;
100 $w = PAINT_APPLET_WIDTH;
101 $h = PAINT_APPLET_HEIGHT;
104 if ($w < 50 and $h < 50)
108 $vars['page'] = $vars['refer'];
109 //$vars['cmd'] = 'read';
110 WikiParam::setCmd('read');
111 $retval['body'] = convert_html(get_source($vars['refer']));
115 //XSS脆弱性問題 - 外部から来た変数をエスケープ
116 $width = empty($vars['width']) ? PAINT_DEFAULT_WIDTH : $vars['width'];
117 $height = empty($vars['height']) ? PAINT_DEFAULT_HEIGHT : $vars['height'];
118 $f_w = (is_numeric($width) and $width > 0) ? $width : PAINT_DEFAULT_WIDTH;
119 $f_h = (is_numeric($height) and $height > 0) ? $height : PAINT_DEFAULT_HEIGHT;
120 $f_refer = array_key_exists('refer',$vars) ? encode($vars['refer']) : ''; // BBSPainter.jarがshift-jisに変換するのを回避
121 $f_digest = array_key_exists('digest',$vars) ? htmlspecialchars($vars['digest']) : '';
122 $f_no = (array_key_exists('paint_no',$vars) and is_numeric($vars['paint_no'])) ?
123 $vars['paint_no'] + 0 : 0;
125 if ($f_w > PAINT_MAX_WIDTH)
127 $f_w = PAINT_MAX_WIDTH;
129 if ($f_h > PAINT_MAX_HEIGHT)
131 $f_h = PAINT_MAX_HEIGHT;
134 $retval['body'] .= <<<EOD
138 <applet codebase="." archive="BBSPainter.jar" code="Main.class" width="$w" height="$h">
139 <param name="size" value="$f_w,$f_h" />
140 <param name="action" value="$script" />
141 <param name="image" value="attach_file" />
142 <param name="form1" value="filename={$_paint_messages['field_filename']}=!" />
143 <param name="form2" value="yourname={$_paint_messages['field_name']}" />
144 <param name="comment" value="msg={$_paint_messages['field_comment']}" />
145 <param name="param1" value="plugin=paint" />
146 <param name="param2" value="refer=$f_refer" />
147 <param name="param3" value="digest=$f_digest" />
148 <param name="param4" value="max_file_size=1000000" />
149 <param name="param5" value="paint_no=$f_no" />
150 <param name="enctype" value="multipart/form-data" />
151 <param name="return.URL" value="$script?$r_refer" />
155 // XHTML 1.0 Transitional
156 if (! isset($pkwk_dtd) || $pkwk_dtd == PKWK_DTD_XHTML_1_1)
157 $pkwk_dtd = PKWK_DTD_XHTML_1_0_TRANSITIONAL;
162 function plugin_paint_convert()
164 global $script,$vars,$digest;
165 global $_paint_messages;
166 static $numbers = array();
168 if (PKWK_READONLY) return ''; // Show nothing
170 if (!array_key_exists($vars['page'],$numbers))
172 $numbers[$vars['page']] = 0;
174 $paint_no = $numbers[$vars['page']]++;
180 $width = $height = 0;
181 $args = func_get_args();
182 if (count($args) >= 2)
184 $width = array_shift($args);
185 $height = array_shift($args);
187 if (!is_numeric($width) or $width <= 0)
189 $width = PAINT_DEFAULT_WIDTH;
191 if (!is_numeric($height) or $height <= 0)
193 $height = PAINT_DEFAULT_HEIGHT;
196 //XSS脆弱性問題 - 外部から来た変数をエスケープ
197 $f_page = htmlspecialchars($vars['page']);
199 $max = sprintf($_paint_messages['msg_max'],PAINT_MAX_WIDTH,PAINT_MAX_HEIGHT);
202 <form action="$script" method="post" class="form">
204 <input type="hidden" name="paint_no" value="$paint_no" />
205 <input type="hidden" name="digest" value="$digest" />
206 <input type="hidden" name="plugin" value="paint" />
207 <input type="hidden" name="refer" value="$f_page" />
208 <input type="text" name="width" size="3" value="$width" />
210 <input type="text" name="height" size="3" value="$height" />
212 <input type="submit" class="button" value="{$_paint_messages['btn_submit']}" />
218 function paint_insert_ref($filename)
220 global $script,$vars,$now,$do_backup;
221 global $_paint_messages,$_no_name;
223 $ret['msg'] = $_paint_messages['msg_title'];
225 $msg = mb_convert_encoding(rtrim($vars['msg']),SOURCE_ENCODING,'auto');
226 $name = mb_convert_encoding($vars['yourname'],SOURCE_ENCODING,'auto');
228 $msg = str_replace('$msg',$msg,PAINT_MSG_FORMAT);
229 $name = ($name == '') ? $_no_name : $vars['yourname'];
230 $name = ($name == '') ? '' : str_replace('$name',$name,PAINT_NAME_FORMAT);
231 $now = str_replace('$now',$now,PAINT_NOW_FORMAT);
234 $msg = ($msg == '') ?
236 str_replace("\x08MSG\x08", $msg, PAINT_FORMAT);
237 $msg = str_replace("\x08NAME\x08",$name, $msg);
238 $msg = str_replace("\x08NOW\x08",$now, $msg);
240 //ブロックに食われないように、#clearの直前に\nを2個書いておく
241 $msg = "#ref($filename,wrap,around)\n" . trim($msg) . "\n\n" .
244 $postdata_old = get_source($vars['refer']);
246 $paint_no = 0; //'#paint'の出現回数
247 foreach ($postdata_old as $line)
249 if (!PAINT_INSERT_INS)
253 if (preg_match('/^#paint/i',$line))
255 if ($paint_no == $vars['paint_no'])
261 if (PAINT_INSERT_INS)
268 if (md5(join('',$postdata_old)) != $vars['digest'])
270 $ret['msg'] = $_paint_messages['msg_title_collided'];
271 $ret['body'] = $_paint_messages['msg_collided'];
274 page_write($vars['refer'],$postdata);