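<?php
/**
 * DokuWiki Actions
 *
 * Maps the requested action ($ACT) onto its handler, enforces the action
 * allowlist and the per-page permission check, and finally hands over to
 * the template.
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
require_once(DOKU_INC.'inc/template.php');


/**
 * Call the needed action handlers
 *
 * Order matters here: $ACT is sanitized first, then rewritten step by step
 * by the individual handlers, and permission-checked twice (once before the
 * state-changing handlers, once after, because a handler may have changed
 * the action).
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @triggers ACTION_ACT_PREPROCESS
 * @triggers ACTION_HEADERS_SEND
 */
function act_dispatch(){
  global $INFO;
  global $ACT;
  global $ID;
  global $QUERY;
  global $lang;
  global $conf;

  // give plugins an opportunity to process the action
  // NOTE(review): the event receives the raw, not yet sanitized $ACT
  $evt = new Doku_Event('ACTION_ACT_PREPROCESS',$ACT);
  if ($evt->advise_before()) {

    //sanitize $ACT - everything below relies on it being an allowlisted name
    $ACT = act_clean($ACT);

    //check if searchword was given - else just show
    $s = cleanID($QUERY);
    if($ACT == 'search' && empty($s)){
      $ACT = 'show';
    }

    //login stuff
    if(in_array($ACT,array('login','logout')))
      $ACT = act_auth($ACT);

    //check if user is asking to (un)subscribe a page
    // NOTE(review): this runs before act_permcheck(); confirm that the
    // subscription code or the mail sender enforces read access to $ID
    if($ACT == 'subscribe' || $ACT == 'unsubscribe')
      $ACT = act_subscription($ACT);

    //check permissions
    $ACT = act_permcheck($ACT);

    //register - only when the form was actually submitted
    if($ACT == 'register' && !empty($_POST['save']) && register()){
      $ACT = 'login';
    }

    if ($ACT == 'resendpwd' && act_resendpwd()) {
      $ACT = 'login';
    }

    //update user profile
    if (($ACT == 'profile') && updateprofile()) {
      msg($lang['profchanged'],1);
      $ACT = 'show';
    }

    //save
    if($ACT == 'save')
      $ACT = act_save($ACT);

    //cancel conflicting edit
    if($ACT == 'cancel')
      $ACT = 'show';

    //draft deletion
    if($ACT == 'draftdel')
      $ACT = act_draftdel($ACT);

    //draft saving on preview
    if($ACT == 'preview')
      $ACT = act_draftsave($ACT);

    //edit
    if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
      $ACT = act_edit($ACT);
    }else{
      unlock($ID); //try to unlock
    }

    //handle export
    if(substr($ACT,0,7) == 'export_')
      $ACT = act_export($ACT);

    //display some infos
    if($ACT == 'check'){
      check();
      $ACT = 'show';
    }

    //handle admin tasks
    if($ACT == 'admin'){
      // retrieve admin plugin name from $_REQUEST['page']
      if (!empty($_REQUEST['page'])) {
        // the request value is only used after it matched an installed
        // admin plugin name, so it cannot select an arbitrary component
        $pluginlist = plugin_list('admin');
        if (in_array($_REQUEST['page'], $pluginlist)) {
          // attempt to load the plugin
          if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== NULL)
            $plugin->handle();
        }
      }
    }

    // check permissions again - the action may have changed
    $ACT = act_permcheck($ACT);
  }  // end event ACTION_ACT_PREPROCESS default action
  $evt->advise_after();
  unset($evt);


  //call template FIXME: all needed vars available?
  $headers = array('Content-Type: text/html; charset=utf-8');
  trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');

  include(template('main.php'));
  // output for the commands is now handled in inc/templates.php
  // in function tpl_content()
}

/**
 * Default handler of ACTION_HEADERS_SEND: send each header line
 *
 * @param array $headers complete header lines, passed to header() as given
 */
function act_sendheaders($headers) {
  foreach ($headers as $hdr) header($hdr);
}

/**
 * Sanitize the action command
 *
 * Add all allowed commands here.
 *
 * The result is always either a name from the allowlist below, a name
 * starting with 'export_', or 'show'.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string|array $act the requested action, or an array whose first
 *                           key is the action
 * @return string            the cleaned action, 'show' if it was rejected
 */
function act_clean($act){
  global $lang;
  global $conf;

  // check if the action was given as array key
  if(is_array($act)){
    list($act) = array_keys($act);
  }

  //remove all bad chars
  // NOTE(review): the class is 1-9, so the digit 0 is stripped as well;
  // confirm that this is intended
  $act = strtolower($act);
  $act = preg_replace('/[^1-9a-z_]+/','',$act);

  // legacy aliases
  if($act == 'export_html') $act = 'export_xhtml';
  if($act == 'export_htmlbody') $act = 'export_xhtmlbody';

  // check if action is disabled
  if(!actionOK($act)){
    msg('Command disabled: '.htmlspecialchars($act),-1);
    return 'show';
  }

  //disable all acl related commands if ACL is disabled
  if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
                                             'subscribe','unsubscribe','profile',
                                             'resendpwd',))){
    msg('Command unavailable: '.htmlspecialchars($act),-1);
    return 'show';
  }

  // allowlist of known actions; any export_* name passes here and is
  // resolved to a renderer later in act_export()
  if(!in_array($act,array('login','logout','register','save','cancel','edit','draft',
                          'preview','search','show','check','index','revisions',
                          'diff','recent','backlink','admin','subscribe',
                          'unsubscribe','profile','resendpwd','recover','wordblock',
                          'draftdel',)) && substr($act,0,7) != 'export_' ) {
    msg('Command unknown: '.htmlspecialchars($act),-1);
    return 'show';
  }
  return $act;
}

/**
 * Run permissionchecks
 *
 * Picks the permission level the action needs and compares it with the
 * level the current user holds on the current page ($INFO['perm']).
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act the (already cleaned) action
 * @return string      $act if permitted, 'denied' otherwise
 */
function act_permcheck($act){
  global $INFO;
  global $conf;

  if(in_array($act,array('save','preview','edit','recover'))){
    if($INFO['exists']){
      if($act == 'edit'){
        //the edit function will check again and do a source show
        //when no AUTH_EDIT available
        $permneed = AUTH_READ;
      }else{
        $permneed = AUTH_EDIT;
      }
    }else{
      $permneed = AUTH_CREATE;
    }
  }elseif(in_array($act,array('login','search','recent','profile'))){
    $permneed = AUTH_NONE;
  }elseif($act == 'register'){
    $permneed = AUTH_NONE;
  }elseif($act == 'resendpwd'){
    $permneed = AUTH_NONE;
  }elseif($act == 'admin'){
    if($INFO['ismanager']){
      // if the manager has the needed permissions for a certain admin
      // action is checked later
      // NOTE(review): that later check is not in this file - every admin
      // plugin reachable by a manager has to enforce it
      $permneed = AUTH_READ;
    }else{
      $permneed = AUTH_ADMIN;
    }
  }else{
    // everything else, including all export_* actions, needs read access
    $permneed = AUTH_READ;
  }
  if($INFO['perm'] >= $permneed) return $act;

  return 'denied';
}

/**
 * Handle 'draftdel'
 *
 * Deletes the draft for the current page and user
 *
 * @param  string $act the current action (unused)
 * @return string      always 'show'
 */
function act_draftdel($act){
  global $INFO;
  // best effort: a missing draft file is not an error
  @unlink($INFO['draft']);
  $INFO['draft'] = null;
  return 'show';
}

/**
 * Saves a draft on preview
 *
 * The draft is the serialized edit form content, stored in a cache file
 * whose name is derived from the client identifier and the page ID.
 *
 * @todo this currently duplicates code from ajax.php :-/
 * @param  string $act the current action
 * @return string      $act unchanged
 */
function act_draftsave($act){
  global $INFO;
  global $ID;
  global $conf;
  if($conf['usedraft'] && !empty($_POST['wikitext'])){
    // NOTE(review): prefix, text, suffix and date are stored as received;
    // whatever reads the draft back has to treat them as user input
    $draft = array('id'     => $ID,
                   'prefix' => $_POST['prefix'],
                   'text'   => $_POST['wikitext'],
                   'suffix' => $_POST['suffix'],
                   'date'   => $_POST['date'],
                   'client' => $INFO['client'],
                  );
    $cname = getCacheName($draft['client'].$ID,'.draft');
    if(io_saveFile($cname,serialize($draft))){
      $INFO['draft'] = $cname;
    }
  }
  return $act;
}

/**
 * Handle 'save'
 *
 * Checks for spam and conflicts and saves the page.
 * Does a redirect to show the page afterwards or
 * returns a new action.
 *
 * NOTE(review): nothing in this function ties the request to a form the
 * user actually loaded (no anti-CSRF token is verified here); confirm that
 * this is enforced before the save is reached.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act the current action
 * @return string      'wordblock' or 'conflict'; does not return on success
 */
function act_save($act){
  global $ID;
  global $DATE;
  global $PRE;
  global $TEXT;
  global $SUF;
  global $SUM;

  //spam check
  if(checkwordblock())
    return 'wordblock';
  //conflict check //FIXME use INFO
  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
    return 'conflict';

  //save it
  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$_REQUEST['minor']); //use pretty mode for con
  //unlock it
  unlock($ID);

  //delete draft
  act_draftdel($act);

  //show it - redirect so that a reload does not post the form again
  session_write_close();
  header("Location: ".wl($ID,'',true));
  exit();
}

/**
 * Handle 'login', 'logout'
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act 'login' or 'logout'
 * @return string      'login' after a logout, else $act; does not return
 *                     when an already logged in user asks for 'login'
 */
function act_auth($act){
  global $ID;
  global $INFO;

  //already logged in?
  if($_SERVER['REMOTE_USER'] && $act=='login'){
    header("Location: ".wl($ID,'',true));
    exit;
  }

  //handle logout
  if($act=='logout'){
    $lockedby = checklock($ID); //page still locked?
    if($lockedby == $_SERVER['REMOTE_USER'])
      unlock($ID); //try to unlock

    // do the logout stuff
    auth_logoff();

    // rebuild info array - permissions must reflect the anonymous user now
    $INFO = pageinfo();

    return 'login';
  }

  return $act;
}

/**
 * Handle 'edit', 'preview'
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act the current action
 * @return string      'locked' if checklock() reports a lock, else $act
 */
function act_edit($act){
  global $ID;
  global $INFO;

  //check if locked by anyone - if not lock for my self
  $lockedby = checklock($ID);
  if($lockedby) return 'locked';

  lock($ID);
  return $act;
}

/**
 * Handle 'export_*'
 *
 * Prints the page in the requested format and exits. The format name is
 * the part of the action after 'export_'; when reached through
 * act_dispatch() it has already been reduced to [1-9a-z_] by act_clean().
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act an action starting with 'export_'
 * @return string      'show' if no output could be produced for the format
 */
function act_export($act){
  global $ID;
  global $REV;

  // search engines: never cache exported docs! (Google only currently)
  header('X-Robots-Tag: noindex');

  // no renderer for this
  if($act == 'export_raw'){
    header('Content-Type: text/plain; charset=utf-8');
    // raw wiki text is user-authored; keep browsers from sniffing it as HTML
    header('X-Content-Type-Options: nosniff');
    print rawWiki($ID,$REV);
    exit;
  }

  // html export #FIXME what about the template's style?
  if($act == 'export_xhtml'){
    global $conf;
    global $lang;
    header('Content-Type: text/html; charset=utf-8');
    ptln('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"');
    ptln(' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">');
    ptln('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$conf['lang'].'"');
    ptln(' lang="'.$conf['lang'].'" dir="'.$lang['direction'].'">');
    ptln('<head>');
    ptln('  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />');
    // the page ID comes from the request; escape it instead of relying on
    // it having been cleaned upstream
    ptln('  <title>'.htmlspecialchars($ID).'</title>');
    tpl_metaheaders();
    ptln('</head>');
    ptln('<body>');
    ptln('<div class="dokuwiki export">');
    print p_wiki_xhtml($ID,$REV,false);
    ptln('</div>');
    ptln('</body>');
    ptln('</html>');
    exit;
  }

  // html body only
  if($act == 'export_xhtmlbody'){
    print p_wiki_xhtml($ID,$REV,false);
    exit;
  }

  // try to run renderer
  $mode = substr($act,7);
  $text = p_cached_output(wikiFN($ID,$REV), $mode);
  if(!is_null($text)){
    print $text;
    exit;
  }

  return 'show';
}

/**
 * Handle 'subscribe', 'unsubscribe'
 *
 * Adds the current user to, or removes them from, the page's .mlist file.
 *
 * @author Steven Danz <steven-danz@kc.rr.com>
 * @todo   localize
 * @param  string $act 'subscribe' or 'unsubscribe'
 * @return string      always 'show'
 */
function act_subscription($act){
  global $ID;
  global $INFO;
  global $lang;

  $file=metaFN($ID,'.mlist');
  if ($act=='subscribe' && !$INFO['subscribed']){
    if ($INFO['userinfo']['mail']){
      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
        $INFO['subscribed'] = true;
        msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
      } else {
        // NOTE(review): the error is reported with level 1, like the
        // success message - confirm the intended level
        msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
      }
    } else {
      msg($lang['subscribe_noaddress']);
    }
  } elseif ($act=='unsubscribe' && $INFO['subscribed']){
    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
      $INFO['subscribed'] = false;
      msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
    } else {
      msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
    }
  }

  return 'show';
}

//Setup VIM: ex: et ts=2 enc=utf-8 :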