Masato Kikuhara
en-sf****@users*****
2005年 7月 12日 (火) 06:05:15 JST
Index: affelio/apps/diary/Diary.pm
diff -u affelio/apps/diary/Diary.pm:1.27 affelio/apps/diary/Diary.pm:1.28
--- affelio/apps/diary/Diary.pm:1.27 Tue Jul 12 02:43:53 2005
+++ affelio/apps/diary/Diary.pm Tue Jul 12 06:05:15 2005
@@ -243,7 +243,7 @@
my $self = shift;
my $id = $self->escape(shift, 'int');
my $user = shift;
- my $comment = $self->escape(shift);
+ my $comment = $self->escape_comment(shift);
my $time = time;
my @same = $self->getall("SELECT id FROM $self->{comment_table} WHERE user = '$user' AND comment = '$comment'");
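Review bot: The duplicate-comment lookup on the last line of the hunk still interpolates `$user` and `$comment` straight into the SQL string, so the new `escape_comment` — an HTML encoder that happens to rewrite `'` to an entity — is doing duty as the SQL escape. `$user` gets no treatment at all in this hunk; in write_comment.cgi only the `visitor_name` branch is passed through `escape_comment`, while the logged-in branch builds `$user` from the afid URL and nickname untouched. The robust fix is bind values rather than string building, e.g. `$self->getall("SELECT id FROM $self->{comment_table} WHERE user = ? AND comment = ?", $user, $comment)`, which needs `getall` (visible only as `my ($self, $query) = @_;` below) extended to forward bind parameters to `execute`. The enclosing method begins before this hunk and continues after it.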
@@ -367,12 +367,13 @@
$tmpl->param(RECENT_TRACKBACKS => \@trackbacks);
}
- $tmpl->param(
- CALENDER => $self->translate_templateL10N($calender),
- access_control_URL => $self->{afap}->get_URL("access_control"),
- );
- if ($self->{afap}->check_access('write_diary') and eval { require XML::Parser; }) {
+ $tmpl->param(CALENDER => $self->translate_templateL10N($calender), );
+
+ if ($self->{afap}->check_access('write_diary')) {
$tmpl->param(EDITABLE => 1);
+ unless (eval { require XML::Parser; }) {
+ $tmpl->param(NO_PARSER => 1);
+ }
}
$header .= $tmpl->output;
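Review bot: `access_control_URL` disappears from this template's params (removed lines) while owner.cgi gains a param of the same name; if the diary template rendered here still carries a `<TMPL_VAR access_control_URL>`, that link now renders empty with no warning. Worth a grep of the templates, or a short comment above the new `$tmpl->param(CALENDER => ...)` call such as `# access_control_URL moved to owner.cgi`, so the next reader does not re-add it here. The enclosing method starts outside the hunk.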
@@ -828,25 +829,38 @@
sub escape {
my ($self, $str, $type) = @_;
-
+
if ($type eq 'int') {
return int($str);
}
else {
- $str =~ s/'/"/g;
+ $str =~ s/[\t\a]//g;
$str =~ s/&/&/g;
- $str =~ s/"/"/g;
+ $str =~ s/["']/"/g;
$str =~ s/</</g;
$str =~ s/>/>/g;
- $str =~ s/<(\/?)(p|i|b|strong|em|u|blockquote)>/<$1$2>/gi;
- $str =~ s/\r\n/<br \/>/g;
- $str =~ s/[\r\n]/<br \/>/g;
- $str =~ s/(s?https?:\/\/[-_.!~*'()a-zA-Z0-9;\/?:\@&=+\$,%#]+)/<a href="$1">$1<\/a>/g;
+ $str =~ s/<(\/?)(a|p|i|b|big|strong|small|em|u|blockquote)>/<$1$2>/ig;
+ $str =~ s/<a +href=(")?(s?https?:\/\/[-_.!~*'()a-zA-Z0-9;\/?:\@&=+\$,%#]+) *(")? *>/<a href="$2">/ig;
+ $str =~ s/""/"/g;
+ $str =~ s/(\r\n|\r|\n)/<br \/>/g;
}
return $str;
}
+sub escape_comment {
+ my ($self, $str) = @_;
+
+ $str =~ s/[\t\a]//g;
+ $str =~ s/&/&/g;
+ $str =~ s/['"]/"/g;
+ $str =~ s/</</g;
+ $str =~ s/>/>/g;
+ $str =~ s/(\r\n|\r|\n)/<br \/>/g;
+
+ return $str;
+}
+
sub getall {
my ($self, $query) = @_;
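Review bot: `escape_comment` repeats the first five substitutions of `escape`'s else branch verbatim (control-char strip, `&`, quotes, `<`, `>`), so the two encoders will drift the next time one is touched; a private `_encode_entities` helper called by both keeps a single definition of "what gets entity-encoded" while `escape` keeps its tag/URL re-enabling lines and trailing `<br />` rewrite in their current order. In this mail rendering the replacement targets appear entity-decoded (`s/&/&/g` as shown is a no-op), so the fence below uses the standard `&amp;`/`&quot;`/`&lt;`/`&gt;` spellings — confirm against the real source. Neither sub has a header comment; `escape` deserves one stating that `'int'` coerces with `int()` and that the default branch is HTML encoding with a small tag whitelist, not SQL escaping, since the caller in the first hunk relies on it for exactly that. `getall` is cut off at the end of the hunk.
```perl
# Shared by escape() and escape_comment(): drop tab/bell and encode the
# characters that are significant to HTML. Returns the encoded copy.
sub _encode_entities {
    my ($self, $str) = @_;
    $str =~ s/[\t\a]//g;
    $str =~ s/&/&amp;/g;
    $str =~ s/["']/&quot;/g;
    $str =~ s/</&lt;/g;
    $str =~ s/>/&gt;/g;
    return $str;
}

# Encode a comment for display: entities plus newline -> <br />, no tags allowed.
sub escape_comment {
    my ($self, $str) = @_;
    $str = $self->_encode_entities($str);
    $str =~ s/(\r\n|\r|\n)/<br \/>/g;
    return $str;
}
# … unchanged: escape() — its else branch opens with $str = $self->_encode_entities($str); followed by the existing tag/URL/<br /> lines …
```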
Index: affelio/apps/diary/edit_diary.cgi
diff -u affelio/apps/diary/edit_diary.cgi:1.10 affelio/apps/diary/edit_diary.cgi:1.11
--- affelio/apps/diary/edit_diary.cgi:1.10 Wed Jul 6 07:06:14 2005
+++ affelio/apps/diary/edit_diary.cgi Tue Jul 12 06:05:15 2005
@@ -16,6 +16,8 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require 'init.pl';
+use Error qw(:try);
+
$diary->checkAccess('write_diary');
my $id = $afap->{cgi}->param('id') or $diary->errorExit('An article number was not specified');
@@ -26,25 +28,31 @@
# submitted
if($afap->{cgi}->param('edit')) {
- # send trackback ping
- if ($afap->{cgi}->param('tping_url')) {
- $diary->sendTrackbackPing($afap->{cgi}->param('tping_url'), $afap->{cgi}->param('title'), $afap->{cgi}->param('contents'), $id);
- }
+ try {
+ # send trackback ping
+ if ($afap->{cgi}->param('tping_url')) {
+ $diary->sendTrackbackPing($afap->{cgi}->param('tping_url'), $afap->{cgi}->param('title'), $afap->{cgi}->param('contents'), $id);
+ }
- $diary->updateEntry($id, $afap->{cgi}->param('title'), $afap->{cgi}->param('contents'));
+ $diary->updateEntry($id, $afap->{cgi}->param('title'), $afap->{cgi}->param('contents'));
- my $filename_1 = $afap->{cgi}->param('filename_1');
- my $filename_2 = $afap->{cgi}->param('filename_2');
+ my $filename_1 = $afap->{cgi}->param('filename_1');
+ my $filename_2 = $afap->{cgi}->param('filename_2');
- if ($afap->{cgi}->param('delete_images') or $filename_1 or $filename_2) {
- $diary->removeUploadedImage($id);
- }
- if ($filename_1) {
- $diary->saveUploadedImage($filename_1, $id);
- }
- if ($filename_2) {
- $diary->saveUploadedImage($filename_2, $id);
+ if ($afap->{cgi}->param('delete_images') or $filename_1 or $filename_2) {
+ $diary->removeUploadedImage($id);
+ }
+ if ($filename_1) {
+ $diary->saveUploadedImage($filename_1, $id);
+ }
+ if ($filename_2) {
+ $diary->saveUploadedImage($filename_2, $id);
+ }
}
+ catch Error with {
+ my $e = shift;
+ error($q, "Error: \n".$e);
+ };
print $diary->getRedirection("show_diary.cgi?id=$id");
exit;
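Review bot: `$q` in the new `catch` handler (`error($q, "Error: \n".$e)`) is neither declared nor assigned anywhere in the visible new code — the request object elsewhere in these scripts is `$afap->{cgi}` — so unless init.pl or Affelio::misc::CGIError exports a `$q`, this is a compile error under `use strict` and an undef argument otherwise. The same handler appears in the delete branch below, in external_blog.cgi, show_image.cgi, write_comment.cgi and write_diary.cgi. Second, control falls out of the `catch` block into `print $diary->getRedirection("show_diary.cgi?id=$id"); exit;`, so unless `error()` itself exits, a failed update is followed by a redirect to the article as though it had succeeded; an explicit `exit;` after the `error(...)` call (or inside `error()`) would close that gap. A one-line comment on the try, such as `# updateEntry/saveUploadedImage throw Error objects; see init.pl`, would also record where the exceptions are expected to come from, which the hunk does not show.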
@@ -52,7 +60,14 @@
# deleted
elsif($afap->{cgi}->param('delete')) {
- $diary->removeEntry($id);
+ try {
+ $diary->removeEntry($id);
+ }
+ catch Error with {
+ my $e = shift;
+ error($q, "Error: \n".$e);
+ };
+
print $diary->getRedirection("list_diary.cgi");
exit;
}
@@ -69,7 +84,6 @@
$tmpl = HTML::Template->new(filename => "./templates/edit_diary_edit.tmpl");
my $entry = $diary->getEntry($id);
$entry->{contents} =~ s/<br[^>]*>/\n/g;
- $entry->{contents} =~ s/<\/?a[^>]*>//g;
$tmpl->param(
ID => $entry->{id},
TITLE => $entry->{title},
Index: affelio/apps/diary/external_blog.cgi
diff -u affelio/apps/diary/external_blog.cgi:1.7 affelio/apps/diary/external_blog.cgi:1.8
--- affelio/apps/diary/external_blog.cgi:1.7 Thu Jul 7 21:20:31 2005
+++ affelio/apps/diary/external_blog.cgi Tue Jul 12 06:05:15 2005
@@ -17,6 +17,8 @@
require 'init.pl';
+use Error qw(:try);
+
my $urlfile = $diary->{datadir}.'url';
my $writable = 0;
@@ -70,12 +72,19 @@
print $diary->errorExit("Failed to get RDF file");
}
+my $rss;
# parse and output
-use lib 'extlib';
-use XML::RSS;
-
-my $rss = new XML::RSS;
-$rss->parse($str);
+try {
+ use lib 'extlib';
+ use XML::RSS;
+
+ $rss = new XML::RSS;
+ $rss->parse($str);
+}
+catch Error with {
+ my $e = shift;
+ error($q, "Error: \n" . $e);
+};
my @entries;
my @entry_list;
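Review bot: Moving `use lib 'extlib'; use XML::RSS;` inside the `try` block does not make the module load catchable — `use` runs at compile time, before any `try` executes, so a missing XML::RSS still aborts the script with a compile error. To catch it, keep `use lib 'extlib';` at file scope and load at runtime inside the try: `require XML::RSS;` followed by `$rss = XML::RSS->new;` (also dropping the indirect-object `new XML::RSS` form). After the `catch` block `$rss` is left undef and the code following the hunk presumably goes on to read it, so the handler should `exit` or the later code should test `defined $rss`.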
Index: affelio/apps/diary/init.pl
diff -u affelio/apps/diary/init.pl:1.4 affelio/apps/diary/init.pl:1.5
--- affelio/apps/diary/init.pl:1.4 Wed Jul 6 07:06:14 2005
+++ affelio/apps/diary/init.pl Tue Jul 12 06:05:15 2005
@@ -23,6 +23,7 @@
#
use lib("../../lib");
use AffelioApp;
+use Affelio::misc::CGIError;
#
use Diary;
@@ -41,10 +42,5 @@
$diary->accessErrorExit(' ããªãã¯ãã®ãã¼ã¸ã¸ã®ã¢ã¯ã»ã¹æ¨©éãããã¾ãã ');
}
-sub print_af {
- my $str = shift;
- print $diary->translate_templateL10N($str);
-}
-
##########################################################################
1;
Index: affelio/apps/diary/owner.cgi
diff -u affelio/apps/diary/owner.cgi:1.5 affelio/apps/diary/owner.cgi:1.6
--- affelio/apps/diary/owner.cgi:1.5 Wed Jul 6 07:06:14 2005
+++ affelio/apps/diary/owner.cgi Tue Jul 12 06:05:15 2005
@@ -15,16 +15,19 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+our $mymode="owner";
+
require 'init.pl';
-our $mymode="owner";
-$diary->checkAccess('write_diary');
+$diary->checkAccess("write_diary");
if ($afap->{cgi}->param('save_state')) {
my $type = $afap->{cgi}->param('type');
if ($type eq 'import') {
- $diary->setRDFURL($afap->{cgi}->param('url'));
- print $diary->getRedirection('external_blog.cgi'); exit;
+ if ($afap->{cgi}->param('url')) {
+ $diary->setRDFURL($afap->{cgi}->param('url'));
+ print $diary->getRedirection('external_blog.cgi'); exit;
+ }
}
else { # normal diary
$diary->unsetRDFURL;
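Review bot: The added guard only checks that the `url` parameter is truthy before `setRDFURL` stores it, and external_blog.cgi then fetches whatever was stored server-side ("Failed to get RDF file"); an anchored scheme check before storing is cheap, e.g. `if (($afap->{cgi}->param('url') || '') =~ m{\A(https?://\S+)\z}) {` with `$diary->setRDFURL($1);` on the next line. Moving `our $mymode="owner";` above `require 'init.pl';` reads as intentional if init.pl consults `$mymode` at load time — a comment saying so (`# must be set before init.pl reads it`) would stop someone moving it back.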
@@ -46,6 +49,8 @@
eval { require XML::Parser; } or $tmpl->param(NO_PARSER => 1);
+$tmpl->param(access_control_URL => $afap->get_URL("access_control"));
+
print $diary->get_HTML_header;
print $diary->translate_templateL10N($tmpl->output);
print $diary->get_HTML_footer;
Index: affelio/apps/diary/show_image.cgi
diff -u affelio/apps/diary/show_image.cgi:1.4 affelio/apps/diary/show_image.cgi:1.5
--- affelio/apps/diary/show_image.cgi:1.4 Sun Jul 3 08:06:02 2005
+++ affelio/apps/diary/show_image.cgi Tue Jul 12 06:05:15 2005
@@ -17,6 +17,8 @@
require 'init.pl';
+use Error qw(:try);
+
my $id = $afap->{cgi}->param('id') or die;
my $filename = $afap->{cgi}->param('filename') or die;
@@ -31,14 +33,20 @@
binmode STDOUT;
print "Content-type: image/$type\n\n";
if ($width and $height and (eval 'use Image::Magick; 1;')) {
- my $image = new Image::Magick;
- $image->Read(filename => $filepath);
- my ($w, $h) = $image->Get('columns', 'rows');
- if ($w > $width or $h > $height) {
- $image->Resize(geometry => $width.'x'.$height);
- $image->Set(quality => 75);
+ try {
+ my $image = new Image::Magick;
+ $image->Read(filename => $filepath);
+ my ($w, $h) = $image->Get('columns', 'rows');
+ if ($w > $width or $h > $height) {
+ $image->Resize(geometry => $width.'x'.$height);
+ $image->Set(quality => 75);
+ }
+ $image->Write(file => \*STDOUT);
}
- $image->Write(file => \*STDOUT);
+ catch Error with {
+ my $e = shift;
+ error($q, "Error: \n". $e);
+ };
}
else {
open(IMG, "$filepath") or die;
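Review bot: The `Content-type: image/$type` header (with its blank line) is printed before the new `try`, so when the `catch` handler runs, `error(...)`'s HTML lands in a response already declared as an image and the browser shows a broken picture rather than the message. Either defer the header until `Read` has succeeded inside the try, or have the handler only log the error and `exit` without emitting a body. The `open(IMG, "$filepath")` on the last line is context, not part of this change, but while in here the two-arg form with a path derived from the `filename` parameter is worth converting to `open my $img, '<', $filepath or die "open $filepath: $!";`, and the hunk does not show how `$filepath` is derived from that parameter, so any path check lives outside this view.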
Index: affelio/apps/diary/write_comment.cgi
diff -u affelio/apps/diary/write_comment.cgi:1.11 affelio/apps/diary/write_comment.cgi:1.12
--- affelio/apps/diary/write_comment.cgi:1.11 Wed Jul 6 07:06:14 2005
+++ affelio/apps/diary/write_comment.cgi Tue Jul 12 06:05:15 2005
@@ -16,6 +16,9 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require 'init.pl';
+
+use Error qw(:try);
+
$diary->checkAccess('write_comment');
my $id = $afap->{cgi}->param('id') or $diary->errorExit('An article number was not specified');
@@ -27,7 +30,7 @@
# Confirm
if($afap->{cgi}->param('comment_confirm')) {
my $tmpl = HTML::Template->new(filename => "./templates/write_comment_confirm.tmpl");
- $tmpl->param(COMMENT_SHOW => $diary->escape($afap->{cgi}->param('comment')), COMMENT => $afap->{cgi}->param('comment'), ID => $id);
+ $tmpl->param(COMMENT_SHOW => $diary->escape_comment($afap->{cgi}->param('comment')), COMMENT => $afap->{cgi}->param('comment'), ID => $id);
$tmpl->param(REQUIRE_NAME => 1) unless ($user);
print $diary->get_HTML_header;
print $diary->translate_templateL10N($diary->translate_templateL10N($tmpl->output));
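Review bot: `COMMENT_SHOW` is now rendered through `escape_comment`, but the second param, `COMMENT => $afap->{cgi}->param('comment')`, still hands the raw submission to the template, presumably for a hidden field that round-trips it to the commit step. Encoding it here would double-encode on commit (addComment already calls `escape_comment`), so the right place for the protection is the template: the `<TMPL_VAR COMMENT>` should carry `ESCAPE=HTML`, which HTML::Template supports and which cannot be confirmed from this hunk. A comment on this line, `# COMMENT is the raw value for the hidden field; template must ESCAPE=HTML it`, would make that dependency explicit.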
@@ -38,7 +41,7 @@
elsif($afap->{cgi}->param('comment_commit')) {
if(!$user){
- $user = $afap->{cgi}->param('visitor_name');
+ $user = $diary->escape_comment($afap->{cgi}->param('visitor_name'));
}else{
$url = $afap->get_visitor_info('afid');
if ($url =~ /<a href="([^"]*)"/) {
@@ -48,10 +51,16 @@
$user = "<a href=\"$url\">".$afap->get_visitor_info("nickname")."</a>";
}
- $diary->addComment($id, $user, $afap->{cgi}->param('comment'));
+ try {
+ $diary->addComment($id, $user, $afap->{cgi}->param('comment'));
+ }
+ catch Error with {
+ my $e = shift;
+ error($q, "Error: \n".$e);
+ };
- print $diary->getRedirection("show_diary.cgi?id=$id");
- exit;
+ print $diary->getRedirection("show_diary.cgi?id=$id");
+ exit;
}
else {
Index: affelio/apps/diary/write_diary.cgi
diff -u affelio/apps/diary/write_diary.cgi:1.10 affelio/apps/diary/write_diary.cgi:1.11
--- affelio/apps/diary/write_diary.cgi:1.10 Wed Jul 6 07:06:14 2005
+++ affelio/apps/diary/write_diary.cgi Tue Jul 12 06:05:15 2005
@@ -19,6 +19,8 @@
require 'init.pl';
+use Error qw(:try);
+
$diary->checkAccess('write_diary');
my $title = $afap->{cgi}->param('title');
@@ -26,22 +28,29 @@
my $tmpl;
if($afap->{cgi}->param('submit')) {
- # send trackback ping
- if ($afap->{cgi}->param('tping_url')) {
- $diary->sendTrackbackPing($afap->{cgi}->param('tping_url'), $title, $contents);
- }
-
- # add entry
- $diary->addEntry($title, $contents);
+ try {
+ # send trackback ping
+ if ($afap->{cgi}->param('tping_url')) {
+ $diary->sendTrackbackPing($afap->{cgi}->param('tping_url'), $title, $contents);
+ }
+
+ # add entry
+ $diary->addEntry($title, $contents);
- # update images
- $diary->removeUploadedImage;
- if ($afap->{cgi}->param('filename_1')) {
- $diary->saveUploadedImage($afap->{cgi}->param('filename_1'));
- }
- if ($afap->{cgi}->param('filename_2')) {
- $diary->saveUploadedImage($afap->{cgi}->param('filename_2'));
+ # update images
+ $diary->removeUploadedImage;
+ if ($afap->{cgi}->param('filename_1')) {
+ $diary->saveUploadedImage($afap->{cgi}->param('filename_1'));
+ }
+ if ($afap->{cgi}->param('filename_2')) {
+ $diary->saveUploadedImage($afap->{cgi}->param('filename_2'));
+ }
+
}
+ catch Error with {
+ my $e = shift;
+ error($q, "Error: \n".$e);
+ };
print $diary->getRedirection('list_diary.cgi');
exit;