From 4a7bf0c1b6db3f15c2c8cee6b6de4bdc9fc544ba Mon Sep 17 00:00:00 2001
From: dairiki <dairiki@96ab9672-09ca-45d6-a79d-3d69d39ca109>
Date: Sat, 18 Aug 2001 05:09:09 +0000
Subject: [PATCH] Fix SF bug #227748.

When using the flat-file back end, page names with slashes in them didn't work.
We fix this by urlencoding '%' '/' '\\' and ':' when they occur in page names.

WARNING: If any pages currently in your flat-file database contain any of
those characters in their titles, this change will make them invisible
to PhpWiki.  You should back them up before upgrading, and restore them
after upgrading.


git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/branches/release-1_2-branch@542 96ab9672-09ca-45d6-a79d-3d69d39ca109
---
 UPGRADING.readme      | 13 ++++++++++++-
 lib/db_filesystem.php | 41 ++++++++++++++++++++++++++++++++---------
 2 files changed, 44 insertions(+), 10 deletions(-)

diff --git a/UPGRADING.readme b/UPGRADING.readme
index fff4cd366..6ce060014 100644
--- a/UPGRADING.readme
+++ b/UPGRADING.readme
@@ -12,5 +12,16 @@ MySQL
   If you don't use the stock table names, look at the script in
   schemas/update.mysql.1.2.0-1.2.1 and use it as a guide.
 
- 
 
+Flat File
+
+  We are now (since 1.2.0) urlencoding the characters '%', '/', '\\',
+  and ':' when forming filenames from page names.  (This is to fix a bug
+  having to do with page names containing slashes.)  If you currently have
+  any page names with any of those special characters, they will not be
+  visible to PhpWiki after you upgrade.  (Any pages without those funny
+  characters in their names will be unaffected.)
+
+  If you do have pages with slashes, colons or percent signs in their names,
+  you should probably make a backup dump of your database before upgrading
+  and re-load the database after upgrading.
diff --git a/lib/db_filesystem.php b/lib/db_filesystem.php
index c904e99d0..b0f0db37c 100644
--- a/lib/db_filesystem.php
+++ b/lib/db_filesystem.php
@@ -1,4 +1,4 @@
-<?php  rcs_id('$Id: db_filesystem.php,v 1.4.2.3 2001-08-18 02:38:34 dairiki Exp $');
+<?php  rcs_id('$Id: db_filesystem.php,v 1.4.2.4 2001-08-18 05:09:09 dairiki Exp $');
    /*
       Database functions:
 
@@ -41,10 +41,22 @@
       return;
    }
 
-   
+   // Sort of urlencode() the pagename.
+   // We only encode a limited set of characters to minimize breakage
+   // of existing databases.  The encoded names can be decoded with
+   // urldecode.
+   function EncodePagename($pagename) {
+     $bad_chars = '%/\\:'; // '%' must be first!
+      for ($i = 0; $i < strlen($bad_chars); $i++) {
+	 $pagename = str_replace($bad_chars[$i],
+	                         rawurlencode($bad_chars[$i]), $pagename);
+      }
+      return $pagename;
+   }
+
    // Return hash of page + attributes or default
    function RetrievePage($dbi, $pagename, $pagestore) {
-      $filename = $dbi[$pagestore] . "/" . $pagename;
+      $filename = $dbi[$pagestore] . "/" . EncodePagename($pagename);
       if ($fd = @fopen($filename, "rb")) {
          $locked = flock($fd, 1); # Read lock
          if (!$locked) { 
@@ -54,7 +66,7 @@
             // unserialize $data into a hash
             $pagehash = unserialize($data);
 	    if (!is_array($pagehash))
-		ExitWiki(sprintf("'%s': corrupt file",
+		ExitWiki(sprintf(gettext("'%s': corrupt file"),
 				 htmlspecialchars($filename)));
 	 }	
 	 fclose($fd);
@@ -81,7 +93,7 @@
 		 }
 	  }
 
-      $filename = $dbi . "/" . $pagename;
+      $filename = $dbi . "/" . EncodePagename($pagename);
       if($fd = fopen($filename, 'a+b')) { 
          $locked = flock($fd,2); #Exclusive blocking lock 
          if (!$locked) { 
@@ -115,12 +127,12 @@
 
 
    function IsWikiPage($dbi, $pagename) {
-      return file_exists($dbi['wiki'] . "/" . $pagename);
+      return file_exists($dbi['wiki'] . "/" . EncodePagename($pagename));
    }
 
 
    function IsInArchive($dbi, $pagename) {
-      return file_exists($dbi['archive'] . "/" . $pagename);
+      return file_exists($dbi['archive'] . "/" . EncodePagename($pagename));
    }
 
 
@@ -199,6 +211,10 @@
       global $WikiPageStore;
       while (list($key, $page) = each($pos['data'])) {
          $pagedata = RetrievePage($dbi, $page, $WikiPageStore);
+	 if (!is_array($pagedata)) {
+	    printf(gettext("%s: bad data<br>\n"), htmlspecialchars($page));
+	    continue;
+	 }
 	 
 	 while (list($i, $line) = each($pagedata['content'])) {
 	    if (preg_match($pos['search'], $line))
@@ -284,8 +300,15 @@ return;
       $namelist = array();
       $d = opendir($dbi);
       while($entry = readdir($d)) {
-	 if ($entry != '.' && $entry != '..')
-	    $namelist[] = $entry;
+	 if ($entry == '.' || $entry == '..')
+	    continue;
+	 $pagename = rawurldecode($entry);
+	 if ($entry != EncodePagename($pagename)) {
+	    printf(gettext("%s: Bad filename in database<br>\n"),
+		   htmlspecialchars("$dbi/$entry"));
+	    continue;
+	 }
+	 $namelist[] = $pagename;
       }
 
       return $namelist;
-- 
2.45.0