pukiwiki_original
Fork

(Original repository, No fork origin)

R/O
HTTP
SSH
HTTPS

提交

Commit MetaInfo

修订版	f2d84105379b623802afbde1c52660e5d8e917a9 (tree)
时间	2011-02-08 23:07:34
作者	henoheno <henoheno>
Commiter	henoheno

Log Message

BugTrack2/343 BugTrack/779 Cleanup transition (2):
* htmlspecialchars() everywhere except exception (for your security)
* \n
* Correct comments
* ref_check_arg() => ref_check_args() (to be continued?)
* init $variables
* Separate size-related code, into ref_check_size()

更改概述

modified: plugin/ref.inc.php (diff)

差异

--- a/plugin/ref.inc.php

+++ b/plugin/ref.inc.php

		@@ -1,6 +1,6 @@
1	1	<?php
2	2	// PukiWiki - Yet another WikiWikiWeb clone
3		-// $Id: ref.inc.php,v 1.54 2011-02-06 13:50:46 henoheno Exp $
	3	+// $Id: ref.inc.php,v 1.55 2011-02-08 14:07:34 henoheno Exp $
4	4	// Copyright (C)
5	5	// 2002-2006, 2011 PukiWiki Developers Team
6	6	// 2001-2002 Originally written by yu-ji

		@@ -81,11 +81,11 @@ function plugin_ref_convert()
81	81	// Opera 6 = x (aligning seems ignored with wrap)
82	82	// Netscape 6 = x (aligning seems ignored with wrap)
83	83	// IE6 = o
84		- $margin = ($params['around'] ? '0px' : 'auto');
85		- $margin_align = ($params['_align'] == 'center') ? '' :
86		- ';margin-' . $params['_align'] . ':0px';
	84	+ $s_margin = htmlsc($params['around'] ? '0px' : 'auto');
	85	+ $s_margin_align = htmlsc(($params['_align'] == 'center') ? '' :
	86	+ ';margin-' . $params['_align'] . ':0px');
87	87	$params['_body'] = <<<EOD
88		-<table class="style_table" style="margin:$margin$margin_align">
	88	+<table class="style_table" style="margin:$s_margin$s_margin_align">
89	89	<tr>
90	90	<td class="style_td">{$params['_body']}</td>
91	91	</tr>

		@@ -98,8 +98,9 @@ EOD;
98	98	} else {
99	99	$style = 'text-align:' . $params['_align'];
100	100	}
101		- return '<div class="img_margin" style="' . htmlsc($style) . '">' .
102		- $params['_body'] . '</div>' . "\n";
	101	+ return '<div class="img_margin" style="' . htmlsc($style) . '">' . "\n" .
	102	+ $params['_body'] . "\n" .
	103	+ '</div>' . "\n";
103	104	}
104	105
105	106	// Common function

		@@ -126,15 +127,14 @@ function plugin_ref_body($args)
126	127	'nolink' => FALSE, // Suppress link to image itself
127	128	'noimg' => FALSE, // Suppress showing image
128	129
129		- 'zoom' => FALSE, // Image size spacified
	130	+ 'zoom' => FALSE, // Lock image width/height ratio
130	131	'_%' => 0, // percentage
131	132
132	133	'_size' => FALSE, // Image size specified
133	134	'_w' => 0, // width
134	135	'_h' => 0, // height
135	136
136		- '_args' => array(),
137		- '_done' => FALSE,
	137	+ '_title' => '',
138	138	'_error' => ''
139	139	);
140	140

		@@ -163,7 +163,7 @@ function plugin_ref_body($args)
163	163	$is_file = is_file($file);
164	164
165	165	} else if (isset($args[0]) && $args[0] != '' && ! isset($params[$args[0]])) {
166		- // Is the second argument a page-name or a path-name?
	166	+ // Is the second argument a page-name or a path-name? (compat)
167	167	$_page = array_shift($args);
168	168
169	169	// Looks like WikiName, or double-bracket-inserted pagename? (compat)

		@@ -190,7 +190,8 @@ function plugin_ref_body($args)
190	190	}
191	191	return $params;
192	192	}
193		- $page = $_page; // Believe it (compat)
	193	+
	194	+ $page = $_page; // Suppose it
194	195
195	196	} else {
196	197	// Simple single argument

		@@ -205,28 +206,15 @@ function plugin_ref_body($args)
205	206	}
206	207	}
207	208
208		- // $params
209		- if (! empty($args)) {
210		- foreach ($args as $arg) {
211		- ref_check_arg($arg, $params);
212		- }
213		- }
214		- foreach (array('right', 'left', 'center') as $align) {
215		- if ($params[$align]) {
216		- $params['_align'] = $align;
217		- break;
218		- }
219		- }
	209	+ ref_check_args($args, $params);
	210	+
220	211	$seems_image = (! $params['noimg'] && preg_match(PLUGIN_REF_IMAGE, $name));
221	212
222	213	$width = $height = 0;
223		- $title = $url = $url2 = '';
224		- $matches = array();
225		-
	214	+ $url = $url2 = '';
226	215	if ($is_url) {
227		- $url = $name;
228		- $url2 = $name;
229		-
	216	+ $url = $name;
	217	+ $url2 = $name;
230	218	if (PKWK_DISABLE_INLINE_IMAGE_FROM_URI) {
231	219	//$params['_error'] = 'PKWK_DISABLE_INLINE_IMAGE_FROM_URI prohibits this';
232	220	//return $params;

		@@ -234,27 +222,24 @@ function plugin_ref_body($args)
234	222	$params['_body'] = '<a href="' . $s_url . '">' . $s_url . '</a>';
235	223	return $params;
236	224	}
	225	+ $matches = array();
	226	+ $params['_title'] = preg_match('#([^/]+)$#', $url, $matches) ? $matches[1] : $url;
237	227
238		- $title = preg_match('#([^/]+)$#', $url, $matches) ? $matches[1] : $url;
239		-
240		- if (PLUGIN_REF_URL_GET_IMAGE_SIZE && $seems_image && (bool)ini_get('allow_url_fopen')) {
	228	+ if ($seems_image && PLUGIN_REF_URL_GET_IMAGE_SIZE && (bool)ini_get('allow_url_fopen')) {
241	229	$size = @getimagesize($name);
242	230	if (is_array($size)) {
243	231	$width = $size[0];
244	232	$height = $size[1];
245	233	}
246	234	}
247		-
248	235	} else {
249		- $title = $name;
250		-
251	236	// Count downloads with attach plugin
252	237	$url = $script . '?plugin=attach' . '&refer=' . rawurlencode($page) .
253	238	'&openfile=' . rawurlencode($name); // Show its filename at the last
254	239	$url2 = '';
	240	+ $params['_title'] = $name;
255	241
256	242	if ($seems_image) {
257		-
258	243	// URI for in-line image output
259	244	$url2 = $url;
260	245	if (PLUGIN_REF_DIRECT_ACCESS) {

		@@ -264,7 +249,6 @@ function plugin_ref_body($args)
264	249	$url = $script . '?plugin=ref' . '&page=' . rawurlencode($page) .
265	250	'&src=' . rawurlencode($name); // Show its filename at the last
266	251	}
267		-
268	252	$size = @getimagesize($file);
269	253	if (is_array($size)) {
270	254	$width = $size[0];

		@@ -273,70 +257,28 @@ function plugin_ref_body($args)
273	257	}
274	258	}
275	259
276		- if (! empty($params['_args'])) {
277		- $_title = array();
278		- foreach ($params['_args'] as $arg) {
279		- if (preg_match('/^([0-9]+)x([0-9]+)$/', $arg, $matches)) {
280		- $params['_size'] = TRUE;
281		- $params['_w'] = $matches[1];
282		- $params['_h'] = $matches[2];
283		-
284		- } else if (preg_match('/^([0-9.]+)%$/', $arg, $matches) && $matches[1] > 0) {
285		- $params['_%'] = $matches[1];
286		-
287		- } else {
288		- $_title[] = $arg;
289		- }
290		- }
291		-
292		- if (! empty($_title)) {
293		- $title = join(',', $_title);
294		- }
295		- }
296		-
297	260	$s_url = htmlsc($url);
298		- $s_title = htmlsc($title);
	261	+ $s_title = htmlsc($params['_title']);
299	262	$s_info = '';
300	263	if ($seems_image) {
301	264	$s_title = make_line_rules($s_title);
302		- if ($params['_size']) {
303		- if ($width == 0 && $height == 0) {
304		- $width = $params['_w'];
305		- $height = $params['_h'];
306		- } else if ($params['zoom']) {
307		- $_w = $params['_w'] ? $width / $params['_w'] : 0;
308		- $_h = $params['_h'] ? $height / $params['_h'] : 0;
309		- $zoom = max($_w, $_h);
310		- if ($zoom) {
311		- $width = intval($width / $zoom);
312		- $height = intval($height / $zoom);
313		- }
314		- } else {
315		- $width = $params['_w'] ? $params['_w'] : $width;
316		- $height = $params['_h'] ? $params['_h'] : $height;
317		- }
318		- }
319		- if ($params['_%']) {
320		- $width = intval($width * $params['_%'] / 100);
321		- $height = intval($height * $params['_%'] / 100);
	265	+ if (ref_check_size($width, $height, $params)) {
	266	+ $s_info = 'width="' . htmlsc($params['_w']) .
	267	+ '" height="' . htmlsc($params['_h']) . '" ';
322	268	}
323		- if ($width && $height) {
324		- $s_info = 'width="' . htmlsc($width) .
325		- '" height="' . htmlsc($height) . '" ';
326		- }
327		- $body = '<img src="' . $s_url . '" ' .
328		- 'alt="' . $s_title . '" ' .
329		- 'title="' . $s_title . '" ' .
	269	+ $body = '<img src="' . $s_url . '" ' .
	270	+ 'alt="' . $s_title . '" ' .
	271	+ 'title="' . $s_title . '" ' .
330	272	$s_info . '/>';
331	273	if (! $params['nolink'] && $url2) {
332	274	$params['_body'] =
333		- '<a href="' . htmlsc($url2) . '" title="' . $s_title . '">' .
334		- $body . '</a>';
	275	+ '<a href="' . htmlsc($url2) . '" title="' . $s_title . '">' . "\n" .
	276	+ $body . "\n" . '</a>';
335	277	} else {
336	278	$params['_body'] = $body;
337	279	}
338	280	} else {
339		- if (! $is_url) {
	281	+ if (! $is_url && $is_file) {
340	282	$s_info = htmlsc(get_date('Y/m/d H:i:s', filemtime($file) - LOCALZONE) .
341	283	' ' . sprintf('%01.1f', round(filesize($file) / 1024, 1)) . 'KB');
342	284	}

		@@ -348,29 +290,90 @@ function plugin_ref_body($args)
348	290	return $params;
349	291	}
350	292
351		-function ref_check_arg($val, & $params)
	293	+function ref_check_args($args, & $params)
352	294	{
353		- if (preg_match('/^_/', $val)) {
354		- $params['_args'][] = $val;
355		- return;
	295	+ if (! is_array($args) \|\| ! is_array($params)) return;
	296	+
	297	+ $_args = array();
	298	+ $_title = array();
	299	+ $matches = array();
	300	+
	301	+ foreach ($args as $arg) {
	302	+ $hit = FALSE;
	303	+ if (! empty($arg) && ! preg_match('/^_/', $arg)) {
	304	+ $larg = strtolower($arg);
	305	+ foreach (array_keys($params) as $key) {
	306	+ if (strpos($key, $larg) === 0) {
	307	+ $hit = TRUE;
	308	+ $params[$key] = TRUE;
	309	+ break;
	310	+ }
	311	+ }
	312	+ }
	313	+ if (! $hit) $_args[] = $arg;
356	314	}
357		- if ($val == '') {
358		- $params['_done'] = TRUE;
359		- return;
	315	+
	316	+ foreach ($_args as $arg) {
	317	+ if (preg_match('/^([0-9]+)x([0-9]+)$/', $arg, $matches)) {
	318	+ $params['_size'] = TRUE;
	319	+ $params['_w'] = intval($matches[1]);
	320	+ $params['_h'] = intval($matches[2]);
	321	+ } else if (preg_match('/^([0-9.]+)%$/', $arg, $matches) && $matches[1] > 0) {
	322	+ $params['_%'] = intval($matches[1]);
	323	+ } else {
	324	+ $_title[] = $arg;
	325	+ }
360	326	}
	327	+ unset($_args);
361	328
362		- if (! $params['_done']) {
363		- $lval = strtolower($val);
364		- foreach (array_keys($params) as $key) {
365		- if (strpos($key, $lval) === 0) {
366		- $params[$key] = TRUE;
367		- return;
	329	+ $params['_title'] = join(',', $_title);
	330	+ unset($_title);
	331	+
	332	+ foreach (array('right', 'left', 'center') as $align) {
	333	+ if (isset($params[$align]) && $params[$align]) {
	334	+ $params['_align'] = $align;
	335	+ unset($params[$align]);
	336	+ break;
	337	+ }
	338	+ }
	339	+}
	340	+
	341	+function ref_check_size($width = 0, $height = 0, & $params)
	342	+{
	343	+ if (! is_array($params)) return FALSE;
	344	+
	345	+ $width = intval($width);
	346	+ $height = intval($height);
	347	+ $_width = isset($params['_w']) ? intval($params['_w']) : 0;
	348	+ $_height = isset($params['_h']) ? intval($params['_h']) : 0;
	349	+
	350	+ if (isset($params['_size']) && $params['_size']) {
	351	+ if ($width == 0 && $height == 0) {
	352	+ $width = $_width;
	353	+ $height = $_height;
	354	+ } else if (isset($params['zoom']) && $params['zoom']) {
	355	+ $_w = $_width ? $width / $_width : 0;
	356	+ $_h = $_height ? $height / $_height : 0;
	357	+ $zoom = max($_w, $_h);
	358	+ if ($zoom) {
	359	+ $width = $width / $zoom;
	360	+ $height = $height / $zoom;
368	361	}
	362	+ } else {
	363	+ $width = $_width ? $_width : $width;
	364	+ $height = $_height ? $_height : $height;
369	365	}
370		- $params['_done'] = TRUE;
371	366	}
372	367
373		- $params['_args'][] = $val;
	368	+ if (isset($params['_%']) && $params['_%']) {
	369	+ $width = $width * $params['_%'] / 100;
	370	+ $height = $height * $params['_%'] / 100;
	371	+ }
	372	+
	373	+ $params['_w'] = intval($width);
	374	+ $params['_h'] = intval($height);
	375	+
	376	+ return ($params['_w'] && $params['_h']);
374	377	}
375	378
376	379	// Output an image (fast, non-logging <==> attach plugin)

pukiwiki_original Fork

提交

标签

Frequently used words (click to add to your profile)

Commit MetaInfo

Log Message

更改概述

差异

pukiwiki_original
Fork