diff -ruN -x index.php wiki/lib/auth.php wiki.new/lib/auth.php
--- wiki/lib/auth.php 2012-04-06 20:57:56.000000000 +0900
+++ wiki.new/lib/auth.php 2013-07-05 03:25:33.000000000 +0900
@@ -75,7 +75,7 @@
// LDAP MD5
case '{md5}' :
$hash = ($prefix ? ($canonical ? '{MD5}' : $scheme) : '') .
- base64_encode(hex2bin(md5($phrase)));
+ base64_encode(internal_hex2bin(md5($phrase)));
break;
// LDAP SMD5
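Review bot: The hex round-trip through `internal_hex2bin()` on the `{md5}` line is avoidable, because `md5()` and `sha1()` accept a second raw-output argument: `base64_encode(md5($phrase, TRUE))` yields the same bytes with no project helper involved. The helper was apparently renamed to avoid a clash with the native `hex2bin()`, and its definition is not in any visible hunk, so its handling of odd-length or non-hex input cannot be checked here. The same simplification applies to the `{smd5}`, `{sha}` and `{ssha}` lines in the next two hunks. The enclosing switch starts and ends outside this hunk.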
@@ -83,13 +83,13 @@
// MD5 Key length = 128bits = 16bytes
$salt = ($salt != '' ? substr(base64_decode($salt), 16) : substr(crypt(''), -8));
$hash = ($prefix ? ($canonical ? '{SMD5}' : $scheme) : '') .
- base64_encode(hex2bin(md5($phrase . $salt)) . $salt);
+ base64_encode(internal_hex2bin(md5($phrase . $salt)) . $salt);
break;
// LDAP SHA
case '{sha}' :
$hash = ($prefix ? ($canonical ? '{SHA}' : $scheme) : '') .
- base64_encode(hex2bin(sha1($phrase)));
+ base64_encode(internal_hex2bin(sha1($phrase)));
break;
// LDAP SSHA
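Review bot: The fallback salt on the `{smd5}` line is still `substr(crypt(''), -8)`, which this change leaves untouched. Calling `crypt()` without a salt argument raises a notice from PHP 5.6 and is an error in PHP 8.0, and what the last eight characters contain depends on the platform's default crypt scheme. A dedicated random source states the intent directly, e.g. `: openssl_random_pseudo_bytes(8));` on PHP 5.3+ with the OpenSSL extension, or `: random_bytes(8));` on PHP 7+. The `{ssha}` line in the next hunk has the same fallback. The `{md5}` and `{sha}` branches are unsalted single-pass digests, presumably kept for LDAP compatibility, and a comment such as `// legacy LDAP scheme: do not use for newly set passwords` would record that.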
@@ -97,7 +97,7 @@
// SHA-1 Key length = 160bits = 20bytes
$salt = ($salt != '' ? substr(base64_decode($salt), 20) : substr(crypt(''), -8));
$hash = ($prefix ? ($canonical ? '{SSHA}' : $scheme) : '') .
- base64_encode(hex2bin(sha1($phrase . $salt)) . $salt);
+ base64_encode(internal_hex2bin(sha1($phrase . $salt)) . $salt);
break;
// LDAP CLEARTEXT and just cleartext
@@ -134,7 +134,7 @@
} else {
// With exit
$body = $title = str_replace('$1',
- htmlspecialchars(strip_bracket($page)), $_title_cannotedit);
+ htmlsc(strip_bracket($page)), $_title_cannotedit);
if (is_freeze($page))
$body .= '(' . $_msg_unfreeze . ')';
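Review bot: Whether `$page` is still escaped safely on the `htmlsc(strip_bracket($page))` line now depends entirely on `htmlsc()`, whose definition is not in any visible hunk. It is worth confirming that the wrapper passes explicit flags and the wiki's charset to `htmlspecialchars()`: from PHP 5.4 the default charset is UTF-8, and input that is invalid in the declared encoding returns an empty string unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is set. I would document the contract at the wrapper with a comment such as `// htmlsc(): htmlspecialchars() with explicit flags and the wiki charset; escapes <quote style> quotes`, so callers know whether it is safe inside single-quoted attributes. The same dependency applies to the `htmlsc()` calls in the next auth.php hunk and in the backup.php and convert_html.php hunks. The enclosing function starts and ends outside this hunk.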
@@ -225,7 +225,7 @@
}
if ($exit_flag) {
$body = $title = str_replace('$1',
- htmlspecialchars(strip_bracket($page)), $title_cannot);
+ htmlsc(strip_bracket($page)), $title_cannot);
$page = str_replace('$1', make_search($page), $title_cannot);
catbody($title, $page, $body . '....');
exit;
diff -ruN -x index.php wiki/lib/backup.php wiki.new/lib/backup.php
--- wiki/lib/backup.php 2007-06-04 20:32:44.000000000 +0900
+++ wiki.new/lib/backup.php 2013-07-05 03:21:33.000000000 +0900
@@ -67,7 +67,7 @@
$body = preg_replace("/\n*$/", "\n", $body);
$fp = _backup_fopen($page, 'wb')
- or die_message('Cannot open ' . htmlspecialchars(_backup_get_filename($page)) .
+ or die_message('Cannot open ' . htmlsc(_backup_get_filename($page)) .
'
Maybe permission is not writable or filename is too long');
_backup_fputs($fp, $strout);
_backup_fputs($fp, $body);
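Review bot: The `die_message()` text on the `'Cannot open '` line sends the result of `_backup_get_filename($page)` to the browser, and that value is presumably a server-side path under the backup directory. Escaping it with `htmlsc()` prevents markup injection but not the disclosure. Consider logging the path server-side with `error_log()` and showing only the page name, e.g. `or die_message('Cannot open backup for ' . htmlsc($page));`. The enclosing function starts and ends outside this hunk, so whether this message can reach unauthenticated visitors cannot be seen here.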
diff -ruN -x index.php wiki/lib/config.php wiki.new/lib/config.php
--- wiki/lib/config.php 2007-06-04 20:32:43.000000000 +0900
+++ wiki.new/lib/config.php 2013-07-05 00:49:42.000000000 +0900
@@ -39,7 +39,7 @@
if (! is_page($this->page)) return FALSE;
$this->objs = array();
- $obj = & new ConfigTable('');
+ $obj = new ConfigTable('');
$matches = array();
foreach (get_source($this->page) as $line) {
@@ -57,22 +57,22 @@
if ($level == 1) {
$this->objs[$obj->title] = $obj;
- $obj = & new ConfigTable($line);
+ $obj = new ConfigTable($line);
} else {
if (! is_a($obj, 'ConfigTable_Direct'))
- $obj = & new ConfigTable_Direct('', $obj);
+ $obj = new ConfigTable_Direct('', $obj);
$obj->set_key($line);
}
} else if ($head == '-' && $level > 1) {
if (! is_a($obj, 'ConfigTable_Direct'))
- $obj = & new ConfigTable_Direct('', $obj);
+ $obj = new ConfigTable_Direct('', $obj);
$obj->add_value($line);
} else if ($head == '|' && preg_match('/^\|(.+)\|\s*$/', $line, $matches)) {
// Table row
if (! is_a($obj, 'ConfigTable_Sequential'))
- $obj = & new ConfigTable_Sequential('', $obj);
+ $obj = new ConfigTable_Sequential('', $obj);
// Trim() each table cell
$obj->add_value(array_map('trim', explode('|', $matches[1])));
} else {
@@ -109,7 +109,7 @@
function & get_object($title)
{
if (! isset($this->objs[$title]))
- $this->objs[$title] = & new ConfigTable('*' . trim($title) . "\n");
+ $this->objs[$title] = new ConfigTable('*' . trim($title) . "\n");
return $this->objs[$title];
}
diff -ruN -x index.php wiki/lib/convert_html.php wiki.new/lib/convert_html.php
--- wiki/lib/convert_html.php 2007-06-04 20:32:44.000000000 +0900
+++ wiki.new/lib/convert_html.php 2013-07-05 03:21:49.000000000 +0900
@@ -19,7 +19,7 @@
if (! is_array($lines)) $lines = explode("\n", $lines);
- $body = & new Body(++$contents_id);
+ $body = new Body(++$contents_id);
$body->parse($lines);
return $body->toString();
@@ -60,7 +60,7 @@
return $this->last = & $obj->last;
}
- function canContain($obj)
+ function canContain(& $obj)
{
return TRUE;
}
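Review bot: `canContain(& $obj)` only inspects its argument (here it ignores it and returns `TRUE`), so the by-reference parameter buys nothing with PHP 5 object handles. It also means callers can no longer pass an expression such as a function result without a by-reference notice or error. If the `&` was added only so this declaration matches the other overrides, dropping it from all of them, `function canContain($obj)`, would satisfy the signature check equally; this is hedged because the sibling declarations are not visible. The same applies to the `canContain` changes in the two later convert_html.php hunks. The class containing this method starts outside the hunk.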
@@ -97,40 +97,44 @@
{
// Check the first letter of the line
if (substr($text, 0, 1) == '~') {
- return new Paragraph(' ' . substr($text, 1));
+ $ret_obj = new Paragraph(' ' . substr($text, 1));
} else {
- return new Inline($text);
+ $ret_obj = new Inline($text);
}
+ return $ret_obj;
}
function & Factory_DList(& $root, $text)
{
$out = explode('|', ltrim($text), 2);
if (count($out) < 2) {
- return Factory_Inline($text);
+ $ret_obj = Factory_Inline($text);
} else {
- return new DList($out);
+ $ret_obj = new DList($out);
}
+ return $ret_obj;
}
// '|'-separated table
function & Factory_Table(& $root, $text)
{
if (! preg_match('/^\|(.+)\|([hHfFcC]?)$/', $text, $out)) {
- return Factory_Inline($text);
+ $ret_obj = Factory_Inline($text);
} else {
- return new Table($out);
+ $ret_obj = new Table($out);
}
+ return $ret_obj;
}
// Comma-separated table
function & Factory_YTable(& $root, $text)
{
if ($text == ',') {
- return Factory_Inline($text);
+ $ret_obj = Factory_Inline($text);
} else {
- return new YTable(csv_explode(',', substr($text, 1)));
+ $ret_obj = new YTable(csv_explode(',', substr($text, 1)));
}
+ return $ret_obj;
}
function & Factory_Div(& $root, $text)
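Review bot: The new `$ret_obj` temporaries in the factory functions carry no comment explaining why they exist, so a later cleanup could fold them back into `return new …;`. These functions are declared `function &`, so I would add once above the group `// Return-by-reference functions must return a variable, not an expression ("Only variable references should be returned by reference")`. The same comment would cover the `Factory_Div` changes in the next two hunks. The first function in this hunk begins before it (its signature is not visible) and `Factory_Div` continues after it.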
@@ -142,7 +146,8 @@
// Usual code
if (preg_match('/^\#([^\(]+)(?:\((.*)\))?/', $text, $matches) &&
exist_plugin_convert($matches[1])) {
- return new Div($matches);
+ $ret_obj = new Div($matches);
+ return $ret_obj;
}
} else {
// Hack code
@@ -151,15 +156,18 @@
$len = strlen($matches[3]);
$body = array();
if ($len == 0) {
- return new Div($matches); // Seems legacy block plugin
+ $ret_obj = new Div($matches); // Seems legacy block plugin
+ return $ret_obj;
} else if (preg_match('/\{{' . $len . '}\s*\r(.*)\r\}{' . $len . '}/', $text, $body)) {
$matches[2] .= "\r" . $body[1] . "\r";
- return new Div($matches); // Seems multiline-enabled block plugin
+ $ret_obj = new Div($matches); // Seems multiline-enabled block plugin
+ return $ret_obj;
}
}
}
- return new Paragraph($text);
+ $ret_obj = new Paragraph($text);
+ return $ret_obj;
}
// Inline elements
@@ -178,7 +186,7 @@
return $this;
}
- function canContain($obj)
+ function canContain(& $obj)
{
return is_a($obj, 'Inline');
}
@@ -191,7 +199,7 @@
function & toPara($class = '')
{
- $obj = & new Paragraph('', $class);
+ $obj = new Paragraph('', $class);
$obj->insert($this);
return $obj;
}
@@ -214,7 +222,7 @@
$this->insert(Factory_Inline($text));
}
- function canContain($obj)
+ function canContain(& $obj)
{
return is_a($obj, 'Inline');
}
@@ -496,10 +504,10 @@
$text = $matches[5];
} else if ($matches[3]) {
$name = $matches[2] ? 'background-color' : 'color';
- $this->style[$name] = $name . ':' . htmlspecialchars($matches[3]) . ';';
+ $this->style[$name] = $name . ':' . htmlsc($matches[3]) . ';';
$text = $matches[5];
} else if ($matches[4]) {
- $this->style['size'] = 'font-size:' . htmlspecialchars($matches[4]) . 'px;';
+ $this->style['size'] = 'font-size:' . htmlsc($matches[4]) . 'px;';
$text = $matches[5];
}
}
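Review bot: `htmlsc()` on the `$this->style[$name]` and `$this->style['size']` lines is HTML escaping applied to values that are placed inside a CSS declaration, so by itself it does not stop cell text from adding further declarations to the style string. Safety here rests on the pattern that fills `$matches[3]` and `$matches[4]`, which is outside this hunk. If that pattern is not already strict, I would add an allowlist check before the assignment, e.g. `if (preg_match('/^\d+$/', $matches[4]))` around the font-size line, plus an equivalent name-or-hex check for the color. At minimum a comment such as `// $matches[3]/[4] are constrained by the cell-format regex; htmlsc() only covers the HTML attribute context` would record the assumption.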
@@ -572,7 +580,7 @@
$is_template = ($this->type == 'c');
$row = array();
foreach ($cells as $cell)
- $row[] = & new TableCell($cell, $is_template);
+ $row[] = new TableCell($cell, $is_template);
$this->elements[] = $row;
}
@@ -726,7 +734,7 @@
{
global $preformat_ltrim;
parent::Element();
- $this->elements[] = htmlspecialchars(
+ $this->elements[] = htmlsc(
(! $preformat_ltrim || $text == '' || $text{0} != ' ') ? $text : substr($text, 1));
}
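Review bot: The context line `$text{0} != ' '` still uses curly-brace string offsets, which are deprecated in PHP 7.4 and removed in PHP 8.0, so this compatibility pass leaves a known breakage in place. `$text[0] != ' '` behaves the same on every PHP version. The `parent::Element()` call likewise relies on PHP 4-style constructor naming, which this hunk does not change. The constructor's signature is outside the hunk.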
@@ -814,7 +822,7 @@
function Body($id)
{
$this->id = $id;
- $this->contents = & new Element();
+ $this->contents = new Element();
$this->contents_last = & $this->contents;
parent::Element();
}
diff -ruN -x index.php wiki/lib/diff.php wiki.new/lib/diff.php
--- wiki/lib/diff.php 2007-06-04 20:32:41.000000000 +0900
+++ wiki.new/lib/diff.php 2013-07-05 03:26:02.000000000 +0900
@@ -63,7 +63,7 @@
$do_update_diff_table .= '
Sorry, page \'' . htmlspecialchars($rule_page) . + return '
Sorry, page \'' . htmlsc($rule_page) . '\' unavailable.
'; } else { return convert_html(get_source($rule_page)); @@ -528,7 +534,7 @@ { global $WikiName, $autolink, $nowikiname; - $config = &new Config('AutoLink'); + $config = new Config('AutoLink'); $config->read(); $ignorepages = $config->get('IgnoreList'); $forceignorepages = $config->get('ForceIgnoreList'); @@ -631,7 +637,7 @@ if (isset($script_directory_index)) { if (! file_exists($script_directory_index)) die_message('Directory index file not found: ' . - htmlspecialchars($script_directory_index)); + htmlsc($script_directory_index)); $matches = array(); if (preg_match('#^(.+/)' . preg_quote($script_directory_index, '#') . '$#', $script, $matches)) $script = $matches[1]; diff -ruN -x index.php wiki/lib/html.php wiki.new/lib/html.php --- wiki/lib/html.php 2008-02-08 01:33:04.000000000 +0900 +++ wiki.new/lib/html.php 2013-07-05 03:24:50.000000000 +0900 @@ -117,7 +117,7 @@ // Search words if ($search_word_color && isset($vars['word'])) { - $body = '