From 60c6fa6e260e2f18a429b8cb5416b4889744e61c Mon Sep 17 00:00:00 2001 From: rurban Date: Fri, 4 Jun 2004 20:32:54 +0000 Subject: [PATCH] Several locale related improvements suggested by Pierrick Meignen LDAP fix by John Cole reanable admin check without ENABLE_PAGEPERM in the admin plugins git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/trunk@3614 96ab9672-09ca-45d6-a79d-3d69d39ca109 --- lib/Request.php | 7 +- lib/WikiDB.php | 11 ++- lib/WikiDB/backend/ADODB_mysql.php | 5 +- lib/WikiUser.php | 12 +++- lib/WikiUserNew.php | 54 +++++++++------ lib/loadsave.php | 13 +++- lib/main.php | 10 ++- lib/plugin/PluginManager.php | 99 ++++++++------------------- lib/plugin/WikiAdminChmod.php | 16 +++-- lib/plugin/WikiAdminRename.php | 56 +++++++++------ lib/plugin/WikiAdminSearchReplace.php | 15 ++-- lib/plugin/WikiAdminSetAcl.php | 13 ++-- lib/stdlib.php | 32 +++++++-- lib/upgrade.php | 27 ++++---- 14 files changed, 212 insertions(+), 158 deletions(-) diff --git a/lib/Request.php b/lib/Request.php index 20c682c9e..819496574 100644 --- a/lib/Request.php +++ b/lib/Request.php @@ -1,5 +1,5 @@ _wikidb, $result); } + /** + * All Links from other pages to this page. + */ function getBackLinks() { return $this->getLinks(true); } + /** + * Forward Links: All Links from this page to other pages. + */ function getPageLinks() { return $this->getLinks(false); } @@ -1832,6 +1838,9 @@ class WikiDB_cache }; // $Log: not supported by cvs2svn $ +// Revision 1.64 2004/06/04 16:50:00 rurban +// add random quotes to empty pages +// // Revision 1.63 2004/06/04 11:58:38 rurban // added USE_TAGLINES // diff --git a/lib/WikiDB/backend/ADODB_mysql.php b/lib/WikiDB/backend/ADODB_mysql.php index cfc762d14..948ad93a3 100644 --- a/lib/WikiDB/backend/ADODB_mysql.php +++ b/lib/WikiDB/backend/ADODB_mysql.php 
@@ -1,5 +1,5 @@ isSignedIn()) { if ($this->isAdmin()) $prefs->set('passwd', ''); - // already stored in index.php, and it might be + // already stored in config/config.ini, and it might be // plaintext! well oh well if ($homepage = $this->homePage()) { // check for page revision 0 @@ -739,6 +739,12 @@ class UserPreferences { } // $Log: not supported by cvs2svn $ +// Revision 1.57 2004/06/04 12:40:21 rurban +// Restrict valid usernames to prevent from attacks against external auth or compromise +// possible holes. +// Fix various WikiUser old issues with default IMAP,LDAP,POP3 configs. Removed these. +// Fxied more warnings +// // Revision 1.56 2004/06/03 12:36:03 rurban // fix eval warning on signin // diff --git a/lib/WikiUserNew.php b/lib/WikiUserNew.php index 931ae734c..8640c2b84 100644 --- a/lib/WikiUserNew.php +++ b/lib/WikiUserNew.php @@ -1,5 +1,5 @@ $value) { + if (is_string($key) and defined($key)) + $key = constant($key); + ldap_set_option($ldap,$key,$value); + } + } if (defined('LDAP_AUTH_USER')) if (defined('LDAP_AUTH_PASSWORD')) // Windows Active Directory Server is strict @@ -2009,13 +2016,7 @@ extends _PassUser $r = @ldap_bind($ldap,LDAP_AUTH_USER); else $r = @ldap_bind($ldap); // this is an anonymous bind - if (!empty($LDAP_SET_OPTION)) { - foreach ($LDAP_SET_OPTION as $key => $value) { - if (is_string($key) and defined($key)) - $key = constant($key); - ldap_set_option($ldap,$key,$value); - } - } + // Need to set the right root search information. see ../index.php $st_search = defined('LDAP_SEARCH_FIELD') ? LDAP_SEARCH_FIELD."=$userid" 
@@ -2052,6 +2053,13 @@ extends _PassUser return WIKIAUTH_FORBIDDEN; } if ($ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server! + if (!empty($LDAP_SET_OPTION)) { + foreach ($LDAP_SET_OPTION as $key => $value) { + if (is_string($key) and defined($key)) + $key = constant($key); + ldap_set_option($ldap,$key,$value); + } + } if (defined('LDAP_AUTH_USER')) if (defined('LDAP_AUTH_PASSWORD')) // Windows Active Directory Server is strict @@ -2060,11 +2068,7 @@ extends _PassUser $r = @ldap_bind($ldap,LDAP_AUTH_USER); else $r = @ldap_bind($ldap); // this is an anonymous bind - if (!empty($LDAP_SET_OPTION)) { - foreach ($LDAP_SET_OPTION as $key => $value) { - ldap_set_option($ldap,$key,$value); - } - } + // Need to set the right root search information. see ../index.php $st_search = defined('LDAP_SEARCH_FIELD') ? LDAP_SEARCH_FIELD."=$userid" @@ -2092,7 +2096,7 @@ extends _PassUser class _IMAPPassUser extends _PassUser /** - * Define the var IMAP_AUTH_HOST in index.php (with port probably) + * Define the var IMAP_AUTH_HOST in config/config.ini (with port probably) * * Preferences are handled in _PassUser */ @@ -2134,7 +2138,7 @@ extends _PassUser class _POP3PassUser extends _IMAPPassUser { /** - * Define the var POP3_AUTH_HOST in index.php + * Define the var POP3_AUTH_HOST in config/config.ini * Preferences are handled in _PassUser */ function checkPass($submitted_password) { @@ -2986,6 +2990,12 @@ extends UserPreferences // $Log: not supported by cvs2svn $ +// Revision 1.87 2004/06/04 12:40:21 rurban +// Restrict valid usernames to prevent from attacks against external auth or compromise +// possible holes. +// Fix various WikiUser old issues with default IMAP,LDAP,POP3 configs. Removed these. +// Fxied more warnings +// // Revision 1.86 2004/06/03 18:06:29 rurban // fix file locking issues (only needed on write) // fixed immediate LANG and THEME in-session updates if not stored in prefs 
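Review bot: The return value of `ldap_set_option($ldap,$key,$value)` is ignored in the option loop now placed before the bind, so an option that fails to apply (a required `LDAP_OPT_PROTOCOL_VERSION`, for example) goes unnoticed and the bind proceeds with the library defaults. A string key that is not a defined constant is also passed through unchanged, which hides a misspelled option name in the configuration. I would change the call to `if (!ldap_set_option($ldap, $key, $value)) trigger_error("ldap_set_option($key) failed", E_USER_WARNING);`. The same loop is added in the preceding LDAP hunk of this file, and both enclosing methods start and end outside their hunks. Separately, the context line `LDAP_SEARCH_FIELD."=$userid"` builds the search filter by interpolation; the commit log says usernames are restricted elsewhere, and it is worth confirming that the restriction rejects LDAP filter metacharacters.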
diff --git a/lib/loadsave.php b/lib/loadsave.php index 5f37717ba..0bf55de95 100644 --- a/lib/loadsave.php +++ b/lib/loadsave.php @@ -1,5 +1,5 @@ _dbi->isWikiPage($page)) { - trigger_error("Mandatory file %s couldn't be loaded!",E_USER_WARNING); + trigger_error(sprintf("Mandatory file %s couldn't be loaded!",$page), + E_USER_WARNING); } } @@ -906,6 +907,14 @@ function LoadPostFile (&$request) /** $Log: not supported by cvs2svn $ + Revision 1.100 2004/05/02 21:26:38 rurban + limit user session data (HomePageHandle and auth_dbi have to invalidated anyway) + because they will not survive db sessions, if too large. + extended action=upgrade + some WikiTranslation button work + revert WIKIAUTH_UNOBTAINABLE (need it for main.php) + some temp. session debug statements + Revision 1.99 2004/05/02 15:10:07 rurban new finally reliable way to detect if /index.php is called directly and if to include lib/main.php diff --git a/lib/main.php b/lib/main.php index 5f0dffc86..87e67a006 100644 --- a/lib/main.php +++ b/lib/main.php 
@@ -1,5 +1,5 @@ pushcontent("$arg=$default", HTML::br()); } + + // This section was largely improved by Pierrick Meignen: // make a link if an actionpage exists $pluginNamelink = $pluginName; - $pluginDocPageNamelink = false; - // Also look for pages in the current locale - // Maybe FIXME? warn about case language != en and _(p) == "p"? - if (_($pluginName) != $pluginName) { - $localizedPluginName = _($pluginName); - } else - $localizedPluginName = ''; - $pluginNamelink = WikiLink($pluginName, 'if_known'); - // make another link for the localized plugin description - // page if it exists $pluginDocPageName = $pluginName . "Plugin"; - // Also look for pages in the current locale - if (_($pluginDocPageName) != $pluginDocPageName) { - $localizedPluginDocPageName = _($pluginDocPageName); - } else - $localizedPluginDocPageName = ''; - if (isWikiWord($pluginDocPageName) && - $dbi->isWikiPage($pluginDocPageName)) { - $pluginDocPageNamelink = HTML(WikiLink($pluginDocPageName)); - } else { - // don't link to actionpages and plugins starting with - // an _ from page list - if (!preg_match("/^_/", $pluginName) - //&& !(@$request->isActionPage($pluginName)) //FIXME? 
- ) { - $pluginDocPageNamelink = WikiLink($pluginDocPageName, - 'unknown'); - } else - $pluginDocPageNamelink = HTML(); + $pluginDocPageNamelink = false; + $localizedPluginName = ''; + $localizedPluginDocPageName = ''; + + if($GLOBALS['LANG'] != "en"){ + if (_($pluginName) != $pluginName) + $localizedPluginName = _($pluginName); + if($localizedPluginName && $dbi->isWikiPage($localizedPluginName)) + $pluginDocPageNamelink = WikiLink($localizedPluginName,'if_known'); + + if (_($pluginDocPageName) != $pluginDocPageName) + $localizedPluginDocPageName = _($pluginDocPageName); + if($localizedPluginDocPageName && + $dbi->isWikiPage($localizedPluginDocPageName)) + $pluginDocPageNamelink = + WikiLink($localizedPluginDocPageName, 'if_known'); } - // insert any found locale-specific pages at the bottom of - // the td - if ($localizedPluginName || $localizedPluginDocPageName) { - $par = HTML::p(); - if ($localizedPluginName) { - // Don't offer to create a link to a non-wikiword - // localized plugin page but show those that - // already exist (Calendar, Comment, etc.) (Non - // non-wikiword plugins are okay, they just can't - // become actionPages.) - if (isWikiWord($localizedPluginName) - || $dbi->isWikiPage($localizedPluginName)) - { - $par->pushContent(WikiLink($localizedPluginName, - 'auto')); - } - else { - // probably incorrectly translated, so no page - // link - $par->pushContent($localizedPluginName, ' ' - . _("(Not a WikiWord)")); - } - } - if ($localizedPluginName && $localizedPluginDocPageName) - $par->pushContent(HTML::br()); - if ($localizedPluginDocPageName) { - if (isWikiWord($localizedPluginDocPageName) - || $dbi->isWikiPage($localizedPluginDocPageName)) - { - $par->pushContent(WikiLink($localizedPluginDocPageName, - 'auto')); - } - else { - // probably incorrectly translated, so no page - // link - $par->pushContent($localizedPluginDocPageName, ' ' - . 
_("(Not a WikiWord)")); - } - } - $pluginDocPageNamelink->pushContent($par); + else { + $pluginNamelink = WikiLink($pluginName, 'if_known'); + + if ($dbi->isWikiPage($pluginDocPageName)) + $pluginDocPageNamelink = WikiLink($pluginDocPageName,'if_known'); } // highlight alternate rows @@ -229,7 +184,6 @@ extends WikiPlugin $tr->pushContent(HTML::td($pluginNamelink, HTML::br(), $pluginDocPageNamelink)); $pluginDocPageNamelink = false; - //$row_no++; } else { // plugin just has an actionpage @@ -249,6 +203,9 @@ extends WikiPlugin }; // $Log: not supported by cvs2svn $ +// Revision 1.15 2004/05/25 13:17:12 rurban +// fixed Fatal error: Call to a member function on a non-object in PluginManager.php on line 222 +// // Revision 1.14 2004/02/17 12:11:36 rurban // added missing 4th basepage arg at plugin->run() to almost all plugins. This caused no harm so far, because it was silently dropped on normal usage. However on plugin internal ->run invocations it failed. (InterWikiSearch, IncludeSiteMap, ...) // diff --git a/lib/plugin/WikiAdminChmod.php b/lib/plugin/WikiAdminChmod.php index d2e235b91..4981328fb 100644 --- a/lib/plugin/WikiAdminChmod.php +++ b/lib/plugin/WikiAdminChmod.php @@ -1,5 +1,5 @@ isPost() && !empty($post_args['chmod']) && empty($post_args['cancel'])) { - - // check individual PagePermissions + // without individual PagePermissions: if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) { $request->_notAuthorized(WIKIAUTH_ADMIN); $this->disabled("! user->isAdmin"); @@ -172,8 +171,10 @@ extends WikiPlugin_WikiAdminSelect HiddenInputs($request->getArgs(), false, array('admin_chmod')), - HiddenInputs(array('admin_chmod[action]' => $next_action, - 'require_authority_for_post' => WIKIAUTH_ADMIN)), + HiddenInputs(array('admin_chmod[action]' => $next_action)), + ENABLE_PAGEPERM + ? '' + : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)), $buttons); } 
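Review bot: In the non-English branch the link to the localized plugin page is stored in `$pluginDocPageNamelink` and then overwritten by the next assignment whenever the localized documentation page also exists, so the first link is lost, while `$pluginNamelink` stays the plain string `$pluginName`. If the intent is one link per name, the first assignment should probably read `$pluginNamelink = WikiLink($localizedPluginName,'if_known');`. The hunk header for this section of lib/plugin/PluginManager.php is not visible here, and the enclosing method starts outside the hunk.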
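Review bot: `require_authority_for_post` is emitted as a hidden form field, so its value is under the client's control, and this change omits it entirely when `ENABLE_PAGEPERM` is set; the server-side guard `if (!ENABLE_PAGEPERM and !$request->_user->isAdmin())` is skipped in that same configuration. That leaves the per-page permission check as the only gate, and no such check is visible in the WikiAdminChmod hunks (the run() body starts and ends outside them). The same pattern recurs in the WikiAdminRename, WikiAdminSearchReplace and WikiAdminSetAcl hunks; only renamePages shows a `mayAccessPage('change', $name)` call, and in WikiAdminSearchReplace the comment `// FIXME: check individual PagePermissions` is replaced without a visible check being added. I would add a test along the lines of `if (!mayAccessPage('change', $name)) continue;`, with the access type that fits each action, to every action loop, or keep the FIXME until that check exists.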
@@ -201,6 +202,9 @@ extends WikiPlugin_WikiAdminSelect } // $Log: not supported by cvs2svn $ +// Revision 1.7 2004/06/03 22:24:42 rurban +// reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove +// // Revision 1.6 2004/03/17 20:23:44 rurban // fixed p[] pagehash passing from WikiAdminSelect, fixed problem removing pages with [] in the pagename // diff --git a/lib/plugin/WikiAdminRename.php b/lib/plugin/WikiAdminRename.php index 5fc440f7a..a71e4cf41 100644 --- a/lib/plugin/WikiAdminRename.php +++ b/lib/plugin/WikiAdminRename.php 
@@ -1,5 +1,5 @@ 'pagename', 'limit' => 0, - 'updatelinks' => 0 + 'updatelinks' => 0 // not yet working ); } - //TODO: regex option - function renameHelper($name, $from, $to) { - return str_replace($from,$to,$name); + //TODO: regex and case-inexact option + function renameHelper($name, $from, $to, $options=false) { + return str_replace($from, $to, $name); } function renamePages(&$dbi, &$request, $pages, $from, $to, $updatelinks=false) { $ul = HTML::ul(); $count = 0; foreach ($pages as $name) { - if ( ($newname = $this->renameHelper($name,$from,$to)) and + if ( ($newname = $this->renameHelper($name, $from, $to)) and $newname != $name ) { if ($dbi->isWikiPage($newname)) - $ul->pushContent(HTML::li(fmt("Page %s already exists. Ignored.",WikiLink($newname)))); - elseif (!mayAccessPage('change',$name)) - $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.",WikiLink($name)))); - elseif ( $dbi->renamePage($name,$newname,$updatelinks)) { + $ul->pushContent(HTML::li(fmt("Page %s already exists. 
Ignored.", + WikiLink($newname)))); + elseif (!mayAccessPage('change', $name)) + $ul->pushContent(HTML::li(fmt("Access denied to change page '%s'.", + WikiLink($name)))); + elseif ( $dbi->renamePage($name, $newname, $updatelinks)) { /* not yet implemented for all backends */ - $ul->pushContent(HTML::li(fmt("Renamed page '%s' to '%s'.",$name,WikiLink($newname)))); + $ul->pushContent(HTML::li(fmt("Renamed page '%s' to '%s'.", + $name, WikiLink($newname)))); $count++; } else { - $ul->pushContent(HTML::li(fmt("Couldn't rename page '%s' to '%s'.", $name, $newname))); + $ul->pushContent(HTML::li(fmt("Couldn't rename page '%s' to '%s'.", + $name, $newname))); } } else { - $ul->pushContent(HTML::li(fmt("Couldn't rename page '%s' to '%s'.", $name, $newname))); + $ul->pushContent(HTML::li(fmt("Couldn't rename page '%s' to '%s'.", + $name, $newname))); } } if ($count) { $dbi->touch(); - return HTML($ul, HTML::p(fmt("%s pages have been permanently renamed.",$count))); + return HTML($ul, HTML::p(fmt("%s pages have been permanently renamed.", + $count))); } else { return HTML($ul, HTML::p(fmt("No pages renamed."))); } @@ -119,7 +126,7 @@ extends WikiPlugin_WikiAdminSelect $pages = $p; if ($p && $request->isPost() && !empty($post_args['rename']) && empty($post_args['cancel'])) { - // DONE: check individual PagePermissions + // without individual PagePermissions: if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) { $request->_notAuthorized(WIKIAUTH_ADMIN); $this->disabled("! user->isAdmin"); @@ -128,7 +135,8 @@ extends WikiPlugin_WikiAdminSelect if ($post_args['action'] == 'verify') { // Real action return $this->renamePages($dbi, $request, array_keys($p), - $post_args['from'], $post_args['to'], !empty($post_args['updatelinks'])); + $post_args['from'], $post_args['to'], + !empty($post_args['updatelinks'])); } if ($post_args['action'] == 'select') { if (!empty($post_args['from'])) 
@@ -159,7 +167,7 @@ extends WikiPlugin_WikiAdminSelect $button_label = _("Yes"); $header->pushContent( HTML::p(HTML::strong( - _("Are you sure you want to permanently rename the selected files?")))); + _("Are you sure you want to permanently rename the selected files?")))); $header = $this->renameForm($header, $post_args); } else { @@ -168,7 +176,6 @@ extends WikiPlugin_WikiAdminSelect $header = $this->renameForm($header, $post_args); } - $buttons = HTML::p(Button('submit:admin_rename[rename]', $button_label, 'wikiadmin'), Button('submit:admin_rename[cancel]', _("Cancel"), 'button')); @@ -179,8 +186,10 @@ extends WikiPlugin_WikiAdminSelect HiddenInputs($request->getArgs(), false, array('admin_rename')), - HiddenInputs(array('admin_rename[action]' => $next_action, - /*'require_authority_for_post' => WIKIAUTH_ADMIN */)), + HiddenInputs(array('admin_rename[action]' => $next_action)), + ENABLE_PAGEPERM + ? '' + : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)), $buttons); } @@ -212,7 +221,7 @@ extends WikiPlugin_WikiAdminSelect class _PageList_Column_renamed_pagename extends _PageList_Column { function _getValue ($page_handle, &$revision_handle) { $post_args = $GLOBALS['request']->getArg('admin_rename'); - $value = str_replace($post_args['from'], $post_args['to'],$page_handle->getName()); + $value = str_replace($post_args['from'], $post_args['to'], $page_handle->getName()); $div = HTML::div(" => ",HTML::input(array('type' => 'text', 'name' => 'rename[]', 'value' => $value))); @@ -226,6 +235,9 @@ class _PageList_Column_renamed_pagename extends _PageList_Column { }; // $Log: not supported by cvs2svn $ +// Revision 1.14 2004/06/03 22:24:48 rurban +// reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove +// // Revision 1.13 2004/06/03 12:59:41 rurban // simplify translation // NS4 wrap=virtual only 
diff --git a/lib/plugin/WikiAdminSearchReplace.php b/lib/plugin/WikiAdminSearchReplace.php index cfffc97ef..a4859e971 100644 --- a/lib/plugin/WikiAdminSearchReplace.php +++ b/lib/plugin/WikiAdminSearchReplace.php @@ -1,5 +1,5 @@ isPost() && empty($post_args['cancel'])) { - // FIXME: check individual PagePermissions + // without individual PagePermissions: if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) { $request->_notAuthorized(WIKIAUTH_ADMIN); $this->disabled("! user->isAdmin"); @@ -192,8 +192,10 @@ extends WikiPlugin_WikiAdminSelect HiddenInputs($request->getArgs(), false, array('admin_replace')), - HiddenInputs(array('admin_replace[action]' => $next_action, - 'require_authority_for_post' => WIKIAUTH_ADMIN)), + HiddenInputs(array('admin_replace[action]' => $next_action)), + ENABLE_PAGEPERM + ? '' + : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)), $buttons); } @@ -244,6 +246,9 @@ function stri_replace($find,$replace,$string) { } // $Log: not supported by cvs2svn $ +// Revision 1.10 2004/06/03 22:24:48 rurban +// reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove +// // Revision 1.9 2004/04/07 23:13:19 rurban // fixed pear/File_Passwd for Windows // fixed FilePassUser sessions (filehandle revive) and password update diff --git a/lib/plugin/WikiAdminSetAcl.php b/lib/plugin/WikiAdminSetAcl.php index 6dade2773..2dbf20a25 100644 --- a/lib/plugin/WikiAdminSetAcl.php +++ b/lib/plugin/WikiAdminSetAcl.php @@ -1,5 +1,5 @@ isPost() && !empty($post_args['acl']) && empty($post_args['cancel'])) { - - // DONE: check individual PagePermissions + // without individual PagePermissions: if (!ENABLE_PAGEPERM and !$request->_user->isAdmin()) { $request->_notAuthorized(WIKIAUTH_ADMIN); $this->disabled("! user->isAdmin"); 
@@ -197,6 +196,9 @@ extends WikiPlugin_WikiAdminSelect false, array('admin_setacl')), HiddenInputs(array('admin_setacl[action]' => $next_action)), + ENABLE_PAGEPERM + ? '' + : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)), $buttons); } @@ -287,6 +289,9 @@ class _PageList_Column_perm extends _PageList_Column { }; // $Log: not supported by cvs2svn $ +// Revision 1.12 2004/06/03 22:24:48 rurban +// reenable admin check on !ENABLE_PAGEPERM, honor s=Wildcard arg, fix warning after Remove +// // Revision 1.11 2004/06/01 15:28:02 rurban // AdminUser only ADMIN_USER not member of Administrators // some RateIt improvements by dfrankow diff --git a/lib/stdlib.php b/lib/stdlib.php index 2b7cbcc93..c71ec2063 100644 --- a/lib/stdlib.php +++ b/lib/stdlib.php @@ -1,4 +1,4 @@ - $page_mtime) { - echo "$path/$pagename: newer than the existing page.", - " replace ($new_mtime > $page_mtime)
\n"; + echo "$path/$pagename: ",_("newer than the existing page."), + _(" replace "),"($new_mtime > $page_mtime)","
\n"; LoadAny($request,$path."/".$filename); echo "
\n"; } else { - echo "$path/$pagename: older than the existing page.", - " skipped.
\n"; + echo "$path/$pagename: ",_("older than the existing page."), + _(" skipped"),".
\n"; } } else { - echo "$path/$pagename: unknown format.", - " skipped.
\n"; + echo "$path/$pagename: ",("unknown format."), + _(" skipped"),".
\n"; } } else { - echo "$pagename does not exist
\n"; + echo sprintf(_("%s does not exist"),$pagename),"
\n"; LoadAny($request,$path."/".$filename); echo "
\n"; } @@ -136,8 +136,8 @@ function CheckPgsrcUpdate(&$request) { if ($pagename == _("HomePage")) $isHomePage = true; if ($pagename == "HomePage") $isHomePage = true; if ($isHomePage) { - echo "$path/$pagename: always skip the HomePage.", - " skipped
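Review bot: In the unknown-format branch the new line reads `echo "$path/$pagename: ",("unknown format."),` and the `_` before the parenthesis is missing, so this one message never reaches gettext while its siblings do. It should be `echo "$path/$pagename: ",_("unknown format."),`. The fragments `_(" replace ")` and `_(" skipped")` carry leading spaces and are glued to other translated pieces, which is awkward for translators; one `sprintf(_("..."), ...)` per complete message, as the hunk already does for `_("%s does not exist")`, would be cleaner. `$path/$pagename` is echoed into HTML without `htmlspecialchars()`; the names appear to come from the pgsrc directory, so the risk looks low, but escaping them costs nothing. The function body starts outside the hunk.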
\n"; + echo "$path/$pagename: ",_("always skip the HomePage."), + _(" skipped"),".
\n"; $isHomePage = false; continue; } @@ -293,11 +293,11 @@ function CheckDatabaseUpdate($request) { $prefix = isset($DBParams['prefix']) ? $DBParams['prefix'] : ''; extract($dbh->_backend->_table_names); foreach (explode(':','session:user:pref:member') as $table) { - echo _("check for table $table")," ..."; + echo sprintf(_("check for table %s"),$table)," ..."; if (!in_array($prefix.$table,$tables)) { installTable(&$dbh, $table, $backend_type); } else { - echo "OK
\n"; + echo _("OK"),"
\n"; } } $backend = &$dbh->_backend->_dbh; @@ -389,6 +389,9 @@ function DoUpgrade($request) { /** $Log: not supported by cvs2svn $ + Revision 1.12 2004/05/18 13:59:15 rurban + rename simpleQuery to genericQuery + Revision 1.11 2004/05/15 13:06:17 rurban skip the HomePage, at first upgrade the ActionPages, then the database, then the rest -- 2.45.0