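<?php
/**
 * DokuWiki Actions
 *
 * Request dispatcher and the per-action handlers it calls. Every handler
 * takes the current action name and returns the action to continue with.
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

  if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
  require_once(DOKU_INC.'inc/template.php');


/**
 * Call the needed action handlers
 *
 * Normalises the requested action held in the global $ACT, runs the
 * handler that belongs to it and finally renders the main template.
 * Handlers may replace $ACT with a follow-up action; act_save() and
 * act_export() can end the request themselves.
 *
 * Only login/logout is handled before act_permcheck(). Handlers that write
 * stored data (subscription list, registration, save, page lock) run after
 * it, so a request that fails the check is turned into 'denied' before any
 * of them is reached.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 */
function act_dispatch(){
  // $lang and $conf are not read in this function body, but main.php is
  // included from this scope further down, so they stay declared here
  global $INFO;
  global $ACT;
  global $ID;
  global $QUERY;
  global $lang;
  global $conf;

  //sanitize $ACT
  $ACT = act_clean($ACT);

  //check if searchword was given - else just show
  if($ACT == 'search' && empty($QUERY)){
    $ACT = 'show';
  }

  //login stuff
  if(in_array($ACT,array('login','logout')))
    $ACT = act_auth($ACT);

  //check permissions
  $ACT = act_permcheck($ACT);

  //check if user is asking to (un)subscribe a page
  //handled only after the permission check: act_subscription() writes to
  //the page's .mlist file, and act_permcheck() asks for AUTH_READ here
  if($ACT == 'subscribe' || $ACT == 'unsubscribe')
    $ACT = act_subscription($ACT);

  //register
  if($ACT == 'register' && register()){
    $ACT = 'login';
  }

  //save
  if($ACT == 'save')
    $ACT = act_save($ACT);

  //edit
  if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
    $ACT = act_edit($ACT);
  }else{
    unlock($ID); //try to unlock
  }

  //handle export
  if(substr($ACT,0,7) == 'export_')
    $ACT = act_export($ACT);

  //display some infos
  if($ACT == 'check'){
    check();
    $ACT = 'show';
  }

  //handle admin tasks
  if($ACT == 'admin'){
    // retrieve admin plugin name from $_REQUEST['page']
    // the parameter is optional and request-controlled, so test it with
    // !empty() instead of reading a possibly missing index
    if (!empty($_REQUEST['page'])) {
      $pluginlist = plugin_list('admin');
      // strict comparison: the request value itself is what gets passed to
      // plugin_load(), so it must be identical to a listed name and not
      // merely loosely equal to one
      // (assumes plugin_list() returns the names as strings - confirm)
      if (in_array($_REQUEST['page'], $pluginlist, true)) {
        // attempt to load the plugin
        if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== NULL)
          $plugin->handle();
      }
    }
/*
    if($_REQUEST['page'] == 'acl'){
      require_once(DOKU_INC.'inc/admin_acl.php');
      admin_acl_handler();
    }
*/
  }

  //call template FIXME: all needed vars available?
  header('Content-Type: text/html; charset=utf-8');
  include(template('main.php'));
  // output for the commands is now handled in inc/templates.php
  // in function tpl_content()
}

/**
 * Sanitize the action command
 *
 * Add all allowed commands here.
 *
 * Localized button labels are mapped to their action first. The value is
 * then lowercased, reduced to the characters a-z and _ and compared with
 * the list of known actions. Anything else is reported with a message and
 * replaced by 'show'.
 *
 * Any name that starts with 'export_' is accepted without being on the
 * list; its suffix is later used by act_export() as the renderer mode.
 * The character filter above is what keeps that suffix to a-z and _.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  action name as requested
 * @return string       the cleaned action, or 'show' for an unknown one
 */
function act_clean($act){
  global $lang;

  //handle localized buttons
  if($act == $lang['btn_save']) $act = 'save';
  if($act == $lang['btn_preview']) $act = 'preview';
  if($act == $lang['btn_cancel']) $act = 'show';

  //remove all bad chars
  $act = strtolower($act);
  $act = preg_replace('/[^a-z_]+/','',$act);

  if($act == 'export_html') $act = 'export_xhtml';

  if(array_search($act,array('login','logout','register','save','edit',
                             'preview','search','show','check','index','revisions',
                             'diff','recent','backlink','admin','subscribe',
                             'unsubscribe',)) === false
     && substr($act,0,7) != 'export_' ) {
    //the name is escaped because it is echoed back in the message
    msg('Unknown command: '.htmlspecialchars($act),-1);
    return 'show';
  }
  return $act;
}

/**
 * Run permissionchecks
 *
 * Picks the permission level the action needs and compares it with
 * $INFO['perm']:
 *
 *  - save, preview : AUTH_EDIT on an existing page, AUTH_CREATE otherwise
 *  - edit          : AUTH_READ on an existing page, AUTH_CREATE otherwise
 *  - login, search, recent : AUTH_NONE
 *  - register      : AUTH_NONE if $conf['openregister'] is set, else AUTH_ADMIN
 *  - admin         : AUTH_ADMIN
 *  - anything else : AUTH_READ
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  cleaned action name
 * @return string       $act when permitted, 'denied' otherwise
 */
function act_permcheck($act){
  global $INFO;
  global $conf;

  if(in_array($act,array('save','preview','edit'))){
    if($INFO['exists']){
      if($act == 'edit'){
        //the edit function will check again and do a source show
        //when no AUTH_EDIT available
        $permneed = AUTH_READ;
      }else{
        $permneed = AUTH_EDIT;
      }
    }else{
      $permneed = AUTH_CREATE;
    }
  }elseif(in_array($act,array('login','search','recent'))){
    $permneed = AUTH_NONE;
  }elseif($act == 'register'){
    if ($conf['openregister']){
      $permneed = AUTH_NONE;
    }else{
      $permneed = AUTH_ADMIN;
    }
  }elseif($act == 'admin'){
    $permneed = AUTH_ADMIN;
  }else{
    $permneed = AUTH_READ;
  }
  if($INFO['perm'] >= $permneed) return $act;

  return 'denied';
}

/**
 * Handle 'save'
 *
 * Checks for spam and conflicts and saves the page.
 * Does a redirect to show the page afterwards or
 * returns a new action.
 *
 * NOTE(review): nothing in this function ties the request to a form that
 * the site itself issued (no anti-CSRF token is compared here). Confirm
 * whether the caller or saveWikiText() covers that.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  current action ('save')
 * @return string       'wordblock' or 'conflict'; on success the request
 *                      ends with a redirect and nothing is returned
 */
function act_save($act){
  global $ID;
  global $DATE;
  global $PRE;
  global $TEXT;
  global $SUF;
  global $SUM;

  //spam check
  if(checkwordblock())
    return 'wordblock';
  //conflict check //FIXME use INFO
  //a file modified after the timestamp in $DATE counts as a conflict;
  //a $DATE of 0 skips the check
  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
    return 'conflict';

  //save it
  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM); //use pretty mode for con
  //unlock it
  unlock($ID);

  //show it
  //close the session before the redirect is sent
  session_write_close();
  header("Location: ".wl($ID,'',true));
  exit();
}

/**
 * Handle 'login', 'logout'
 *
 * A login request from a user who already has $_SERVER['REMOTE_USER'] set
 * becomes 'show'. A logout releases the page lock if that user holds it,
 * logs the user off and continues with 'login'.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  'login' or 'logout'
 * @return string       action to continue with
 */
function act_auth($act){
  global $ID;

  //already logged in?
  if($_SERVER['REMOTE_USER'] && $act=='login')
    return 'show';

  //handle logout
  if($act=='logout'){
    $lockedby = checklock($ID); //page still locked?
    if($lockedby == $_SERVER['REMOTE_USER'])
      unlock($ID); //try to unlock

    auth_logoff();
    return 'login';
  }

  return $act;
}

/**
 * Handle 'edit', 'preview'
 *
 * Returns 'locked' when checklock() reports a lock on the page, otherwise
 * locks the page and passes the action through.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  'edit' or 'preview'
 * @return string       $act, or 'locked'
 */
function act_edit($act){
  global $ID;

  //check if locked by anyone - if not lock for my self
  $lockedby = checklock($ID);
  if($lockedby) return 'locked';

  lock($ID);
  return $act;
}

/**
 * Handle 'export_*'
 *
 * export_raw and export_xhtml are written out directly. For any other
 * suffix the part after 'export_' is passed to p_render() as the mode.
 * Every branch that produces output ends the request.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 * @param  string $act  cleaned action starting with 'export_'
 * @return string       'show' when p_render() returned null for the mode
 */
function act_export($act){
  global $ID;
  global $REV;

  // no renderer for this
  if($act == 'export_raw'){
    header('Content-Type: text/plain; charset=utf-8');
    print rawWiki($ID,$REV);
    exit;
  }

  // html export #FIXME what about the template's style?
  if($act == 'export_xhtml'){
    header('Content-Type: text/html; charset=utf-8');
    ptln('<html>');
    ptln('<head>');
    tpl_metaheaders();
    ptln('</head>');
    ptln('<body>');
    print p_wiki_xhtml($ID,$REV,false);
    ptln('</body>');
    ptln('</html>');
    exit;
  }

  // try to run renderer #FIXME use cached instructions
  // the mode comes from the request; act_clean() has reduced it to a-z and _
  $mode = substr($act,7);
  $text = p_render($mode,p_get_instructions(rawWiki($ID,$REV)),$info);
  if(!is_null($text)){
    print $text;
    exit;
  }



  return 'show';
}

/**
 * Handle 'subscribe', 'unsubscribe'
 *
 * Adds $_SERVER['REMOTE_USER'] to, or removes it from, the page's .mlist
 * meta file and reports the result with msg(). Subscribing needs
 * $INFO['userinfo']['mail'] to be set.
 *
 * This function does no permission check of its own; the caller has to
 * run act_permcheck() before calling it.
 *
 * @author Steven Danz <steven-danz@kc.rr.com>
 * @todo   localize
 * @param  string $act  'subscribe' or 'unsubscribe'
 * @return string       always 'show'
 */
function act_subscription($act){
  global $ID;
  global $INFO;
  global $lang;

  $file=metaFN($ID,'.mlist');
  if ($act=='subscribe' && !$INFO['subscribed']){
    if ($INFO['userinfo']['mail']){
      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
        $INFO['subscribed'] = true;
        msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
      } else {
        // NOTE(review): the error message is sent with level 1 like the
        // success message, while act_clean() uses -1 for its error - confirm
        msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
      }
    } else {
      msg($lang['subscribe_noaddress']);
    }
  } elseif ($act=='unsubscribe' && $INFO['subscribed']){
    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
      $INFO['subscribed'] = false;
      msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
    } else {
      // NOTE(review): level 1 on the error path here as well - confirm
      msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
    }
  }

  return 'show';
}


//Setup VIM: ex: et ts=2 enc=utf-8 :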