
Commit MetaInfo

修订版47d3212745abbb859be7a103b8c2fb7aeec28f56 (tree)
时间2011-02-08 23:07:34
作者henoheno <henoheno>
Commiterhenoheno

Log Message

BugTrack2/343 BugTrack/779 Cleanup transition (2):
* htmlspecialchars() everywhere except exception (for your security)
* \n
* Correct comments
* ref_check_arg() => ref_check_args() (to be continued?)
* init $variables
* Separate size-related code, into ref_check_size()


差异

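--- a/plugin/ref.inc.php
+++ b/plugin/ref.inc.php
@@ -1,6 +1,6 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone
-// $Id: ref.inc.php,v 1.54 2011/02/06 13:50:46 henoheno Exp $
+// $Id: ref.inc.php,v 1.55 2011/02/08 14:07:34 henoheno Exp $
 // Copyright (C)
 // 2002-2006, 2011 PukiWiki Developers Team
 // 2001-2002 Originally written by yu-ji
@@ -81,11 +81,11 @@ function plugin_ref_convert()
 // Opera 6 = x (aligning seems ignored with wrap)
 // Netscape 6 = x (aligning seems ignored with wrap)
 // IE6 = o
- $margin = ($params['around'] ? '0px' : 'auto');
- $margin_align = ($params['_align'] == 'center') ? '' :
- ';margin-' . $params['_align'] . ':0px';
+ $s_margin = htmlsc($params['around'] ? '0px' : 'auto');
+ $s_margin_align = htmlsc(($params['_align'] == 'center') ? '' :
+ ';margin-' . $params['_align'] . ':0px');
 $params['_body'] = <<<EOD
-<table class="style_table" style="margin:$margin$margin_align">
+<table class="style_table" style="margin:$s_margin$s_margin_align">
 <tr>
 <td class="style_td">{$params['_body']}</td>
 </tr>
@@ -98,8 +98,9 @@ EOD;
 } else {
 $style = 'text-align:' . $params['_align'];
 }
- return '<div class="img_margin" style="' . htmlsc($style) . '">' .
- $params['_body'] . '</div>' . "\n";
+ return '<div class="img_margin" style="' . htmlsc($style) . '">' . "\n" .
+ $params['_body'] . "\n" .
+ '</div>' . "\n";
 }
 
 // Common function
@@ -126,15 +127,14 @@ function plugin_ref_body($args)
 'nolink' => FALSE, // Suppress link to image itself
 'noimg' => FALSE, // Suppress showing image
 
- 'zoom' => FALSE, // Image size spacified
+ 'zoom' => FALSE, // Lock image width/height ratio
 '_%' => 0, // percentage
 
 '_size' => FALSE, // Image size specified
 '_w' => 0, // width
 '_h' => 0, // height
 
- '_args' => array(),
- '_done' => FALSE,
+ '_title' => '',
 '_error' => ''
 );
 
@@ -163,7 +163,7 @@ function plugin_ref_body($args)
 $is_file = is_file($file);
 
 } else if (isset($args[0]) && $args[0] != '' && ! isset($params[$args[0]])) {
- // Is the second argument a page-name or a path-name?
+ // Is the second argument a page-name or a path-name? (compat)
 $_page = array_shift($args);
 
 // Looks like WikiName, or double-bracket-inserted pagename? (compat)
@@ -190,7 +190,8 @@ function plugin_ref_body($args)
 }
 return $params;
 }
- $page = $_page; // Believe it (compat)
+
+ $page = $_page; // Suppose it
 
 } else {
 // Simple single argument
@@ -205,28 +206,15 @@ function plugin_ref_body($args)
 }
 }
 
- // $params
- if (! empty($args)) {
- foreach ($args as $arg) {
- ref_check_arg($arg, $params);
- }
- }
- foreach (array('right', 'left', 'center') as $align) {
- if ($params[$align]) {
- $params['_align'] = $align;
- break;
- }
- }
+ ref_check_args($args, $params);
+
 $seems_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name));
 
 $width = $height = 0;
- $title = $url = $url2 = '';
- $matches = array();
-
+ $url = $url2 = '';
 if ($is_url) {
- $url = $name;
- $url2 = $name;
-
+ $url = $name;
+ $url2 = $name;
 if (PKWK_DISABLE_INLINE_IMAGE_FROM_URI) {
 //$params['_error'] = 'PKWK_DISABLE_INLINE_IMAGE_FROM_URI prohibits this';
 //return $params;
@@ -234,27 +222,24 @@ function plugin_ref_body($args)
 $params['_body'] = '<a href="' . $s_url . '">' . $s_url . '</a>';
 return $params;
 }
+ $matches = array();
+ $params['_title'] = preg_match('#([^/]+)$#', $url, $matches) ? $matches[1] : $url;
 
- $title = preg_match('#([^/]+)$#', $url, $matches) ? $matches[1] : $url;
-
- if (PLUGIN_REF_URL_GET_IMAGE_SIZE && $seems_image && (bool)ini_get('allow_url_fopen')) {
+ if ($seems_image && PLUGIN_REF_URL_GET_IMAGE_SIZE && (bool)ini_get('allow_url_fopen')) {
 $size = @getimagesize($name);
 if (is_array($size)) {
 $width = $size[0];
 $height = $size[1];
 }
 }
-
 } else {
- $title = $name;
-
 // Count downloads with attach plugin
 $url = $script . '?plugin=attach' . '&refer=' . rawurlencode($page) .
 '&openfile=' . rawurlencode($name); // Show its filename at the last
 $url2 = '';
+ $params['_title'] = $name;
 
 if ($seems_image) {
-
 // URI for in-line image output
 $url2 = $url;
 if (PLUGIN_REF_DIRECT_ACCESS) {
@@ -264,7 +249,6 @@ function plugin_ref_body($args)
 $url = $script . '?plugin=ref' . '&page=' . rawurlencode($page) .
 '&src=' . rawurlencode($name); // Show its filename at the last
 }
-
 $size = @getimagesize($file);
 if (is_array($size)) {
 $width = $size[0];
@@ -273,70 +257,28 @@ function plugin_ref_body($args)
 }
 }
 
- if (! empty($params['_args'])) {
- $_title = array();
- foreach ($params['_args'] as $arg) {
- if (preg_match('/^([0-9]+)x([0-9]+)$/', $arg, $matches)) {
- $params['_size'] = TRUE;
- $params['_w'] = $matches[1];
- $params['_h'] = $matches[2];
-
- } else if (preg_match('/^([0-9.]+)%$/', $arg, $matches) && $matches[1] > 0) {
- $params['_%'] = $matches[1];
-
- } else {
- $_title[] = $arg;
- }
- }
-
- if (! empty($_title)) {
- $title = join(',', $_title);
- }
- }
-
 $s_url = htmlsc($url);
- $s_title = htmlsc($title);
+ $s_title = htmlsc($params['_title']);
 $s_info = '';
 if ($seems_image) {
 $s_title = make_line_rules($s_title);
- if ($params['_size']) {
- if ($width == 0 && $height == 0) {
- $width = $params['_w'];
- $height = $params['_h'];
- } else if ($params['zoom']) {
- $_w = $params['_w'] ? $width / $params['_w'] : 0;
- $_h = $params['_h'] ? $height / $params['_h'] : 0;
- $zoom = max($_w, $_h);
- if ($zoom) {
- $width = intval($width / $zoom);
- $height = intval($height / $zoom);
- }
- } else {
- $width = $params['_w'] ? $params['_w'] : $width;
- $height = $params['_h'] ? $params['_h'] : $height;
- }
- }
- if ($params['_%']) {
- $width = intval($width * $params['_%'] / 100);
- $height = intval($height * $params['_%'] / 100);
+ if (ref_check_size($width, $height, $params)) {
+ $s_info = 'width="' . htmlsc($params['_w']) .
+ '" height="' . htmlsc($params['_h']) . '" ';
 }
- if ($width && $height) {
- $s_info = 'width="' . htmlsc($width) .
- '" height="' . htmlsc($height) . '" ';
- }
- $body = '<img src="' . $s_url . '" ' .
- 'alt="' . $s_title . '" ' .
- 'title="' . $s_title . '" ' .
+ $body = '<img src="' . $s_url . '" ' .
+ 'alt="' . $s_title . '" ' .
+ 'title="' . $s_title . '" ' .
 $s_info . '/>';
 if (! $params['nolink'] && $url2) {
 $params['_body'] =
- '<a href="' . htmlsc($url2) . '" title="' . $s_title . '">' .
- $body . '</a>';
+ '<a href="' . htmlsc($url2) . '" title="' . $s_title . '">' . "\n" .
+ $body . "\n" . '</a>';
 } else {
 $params['_body'] = $body;
 }
 } else {
- if (! $is_url) {
+ if (! $is_url && $is_file) {
 $s_info = htmlsc(get_date('Y/m/d H:i:s', filemtime($file) - LOCALZONE) .
 ' ' . sprintf('%01.1f', round(filesize($file) / 1024, 1)) . 'KB');
 }
@@ -348,29 +290,90 @@ function plugin_ref_body($args)
 return $params;
 }
 
-function ref_check_arg($val, & $params)
+function ref_check_args($args, & $params)
 {
- if (preg_match('/^_/', $val)) {
- $params['_args'][] = $val;
- return;
+ if (! is_array($args) || ! is_array($params)) return;
+
+ $_args = array();
+ $_title = array();
+ $matches = array();
+
+ foreach ($args as $arg) {
+ $hit = FALSE;
+ if (! empty($arg) && ! preg_match('/^_/', $arg)) {
+ $larg = strtolower($arg);
+ foreach (array_keys($params) as $key) {
+ if (strpos($key, $larg) === 0) {
+ $hit = TRUE;
+ $params[$key] = TRUE;
+ break;
+ }
+ }
+ }
+ if (! $hit) $_args[] = $arg;
 }
- if ($val == '') {
- $params['_done'] = TRUE;
- return;
+
+ foreach ($_args as $arg) {
+ if (preg_match('/^([0-9]+)x([0-9]+)$/', $arg, $matches)) {
+ $params['_size'] = TRUE;
+ $params['_w'] = intval($matches[1]);
+ $params['_h'] = intval($matches[2]);
+ } else if (preg_match('/^([0-9.]+)%$/', $arg, $matches) && $matches[1] > 0) {
+ $params['_%'] = intval($matches[1]);
+ } else {
+ $_title[] = $arg;
+ }
 }
+ unset($_args);
 
- if (! $params['_done']) {
- $lval = strtolower($val);
- foreach (array_keys($params) as $key) {
- if (strpos($key, $lval) === 0) {
- $params[$key] = TRUE;
- return;
+ $params['_title'] = join(',', $_title);
+ unset($_title);
+
+ foreach (array('right', 'left', 'center') as $align) {
+ if (isset($params[$align]) && $params[$align]) {
+ $params['_align'] = $align;
+ unset($params[$align]);
+ break;
+ }
+ }
+}
+
+function ref_check_size($width = 0, $height = 0, & $params)
+{
+ if (! is_array($params)) return FALSE;
+
+ $width = intval($width);
+ $height = intval($height);
+ $_width = isset($params['_w']) ? intval($params['_w']) : 0;
+ $_height = isset($params['_h']) ? intval($params['_h']) : 0;
+
+ if (isset($params['_size']) && $params['_size']) {
+ if ($width == 0 && $height == 0) {
+ $width = $_width;
+ $height = $_height;
+ } else if (isset($params['zoom']) && $params['zoom']) {
+ $_w = $_width ? $width / $_width : 0;
+ $_h = $_height ? $height / $_height : 0;
+ $zoom = max($_w, $_h);
+ if ($zoom) {
+ $width = $width / $zoom;
+ $height = $height / $zoom;
 }
+ } else {
+ $width = $_width ? $_width : $width;
+ $height = $_height ? $_height : $height;
 }
- $params['_done'] = TRUE;
 }
 
- $params['_args'][] = $val;
+ if (isset($params['_%']) && $params['_%']) {
+ $width = $width * $params['_%'] / 100;
+ $height = $height * $params['_%'] / 100;
+ }
+
+ $params['_w'] = intval($width);
+ $params['_h'] = intval($height);
+
+ return ($params['_w'] && $params['_h']);
 }
 
 // Output an image (fast, non-logging <==> attach plugin)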
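Review bot: The caller-supplied title is lost on the new side: `ref_check_args()` stores `join(',', $_title)` into `$params['_title']` (new line 329 of the last hunk), but `plugin_ref_body` then overwrites it unconditionally with the URL basename at new line 226 and with `$name` at new line 240, whereas the removed code (old lines 249 and 292-294) used the filename only when no title arguments were given. Guarding both assignments restores that behaviour: `if ($params['_title'] == '') $params['_title'] = preg_match('#([^/]+)$#', $url, $matches) ? $matches[1] : $url;` and `if ($params['_title'] == '') $params['_title'] = $name;`. Separately, `$params['_%'] = intval($matches[1]);` truncates a value such as `12.5%`, which the pattern `/^([0-9.]+)%$/` still accepts, to `12` (and `0.5%` to `0`, disabling scaling), so either reject the fractional form in the pattern or keep the float as the old code did. In `ref_check_size($width = 0, $height = 0, & $params)` the defaulted parameters precede a required one, which is deprecated on PHP 8.0 and later; `function ref_check_size($width, $height, & $params)` avoids that since both callers pass all three. `plugin_ref_body` begins and its first hunks' surroundings end outside the hunks shown here.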