xref: /dokuwiki/inc/actions.php (revision 166da0c59f106b2bc81be3dd2d9f074434261357) 
1<?php
2/**
3 * DokuWiki Actions
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
9  if(!defined('DOKU_INC')) define('DOKU_INC',fullpath(dirname(__FILE__).'/../').'/');
10  require_once(DOKU_INC.'inc/template.php');
11
12
13/**
14 * Call the needed action handlers
15 *
16 * @author Andreas Gohr <andi@splitbrain.org>
17 * @triggers ACTION_ACT_PREPROCESS
18 * @triggers ACTION_HEADERS_SEND
19 */
20function act_dispatch(){
21  global $INFO;
22  global $ACT;
23  global $ID;
24  global $QUERY;
25  global $lang;
26  global $conf;
27  global $license;
28
29  $preact = $ACT;
30
31  // give plugins an opportunity to process the action
32  $evt = new Doku_Event('ACTION_ACT_PREPROCESS',$ACT);
33  if ($evt->advise_before()) {
34
35    //sanitize $ACT
36    $ACT = act_clean($ACT);
37
38    //check if searchword was given - else just show
39    $s = cleanID($QUERY);
40    if($ACT == 'search' && empty($s)){
41      $ACT = 'show';
42    }
43
44    //login stuff
45    if(in_array($ACT,array('login','logout'))){
46        $ACT = act_auth($ACT);
47    }
48
49    //check if user is asking to (un)subscribe a page
50    if($ACT == 'subscribe' || $ACT == 'unsubscribe')
51      $ACT = act_subscription($ACT);
52
53    //check if user is asking to (un)subscribe a namespace
54    if($ACT == 'subscribens' || $ACT == 'unsubscribens')
55      $ACT = act_subscriptionns($ACT);
56
57    //check permissions
58    $ACT = act_permcheck($ACT);
59
60    //register
61    $nil = array();
62    if($ACT == 'register' && $_POST['save'] && register()){
63      $ACT = 'login';
64    }
65
66    if ($ACT == 'resendpwd' && act_resendpwd()) {
67      $ACT = 'login';
68    }
69
70    //update user profile
71    if (($ACT == 'profile') && updateprofile()) {
72      msg($lang['profchanged'],1);
73      $ACT = 'show';
74    }
75
76    //save
77    if($ACT == 'save'){
78      if(checkSecurityToken()){
79        $ACT = act_save($ACT);
80      }else{
81        $ACT = 'show';
82      }
83    }
84
85    //cancel conflicting edit
86    if($ACT == 'cancel')
87      $ACT = 'show';
88
89    //draft deletion
90    if($ACT == 'draftdel')
91      $ACT = act_draftdel($ACT);
92
93    //draft saving on preview
94    if($ACT == 'preview')
95      $ACT = act_draftsave($ACT);
96
97    //edit
98    if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
99      $ACT = act_edit($ACT);
100    }else{
101      unlock($ID); //try to unlock
102    }
103
104    //handle export
105    if(substr($ACT,0,7) == 'export_')
106      $ACT = act_export($ACT);
107
108    //display some infos
109    if($ACT == 'check'){
110      check();
111      $ACT = 'show';
112    }
113
114    //handle admin tasks
115    if($ACT == 'admin'){
116      // retrieve admin plugin name from $_REQUEST['page']
117      if (!empty($_REQUEST['page'])) {
118          $pluginlist = plugin_list('admin');
119          if (in_array($_REQUEST['page'], $pluginlist)) {
120            // attempt to load the plugin
121            if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== NULL)
122                $plugin->handle();
123          }
124      }
125    }
126
127    // check permissions again - the action may have changed
128    $ACT = act_permcheck($ACT);
129  }  // end event ACTION_ACT_PREPROCESS default action
130  $evt->advise_after();
131  unset($evt);
132
133  // when action 'show', the intial not 'show' and POST, do a redirect
134  if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
135    act_redirect($ID,$preact);
136  }
137
138  //call template FIXME: all needed vars available?
139  $headers[] = 'Content-Type: text/html; charset=utf-8';
140  trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');
141
142  include(template('main.php'));
143  // output for the commands is now handled in inc/templates.php
144  // in function tpl_content()
145}
146
147function act_sendheaders($headers) {
148  foreach ($headers as $hdr) header($hdr);
149}
150
151/**
152 * Sanitize the action command
153 *
154 * Add all allowed commands here.
155 *
156 * @author Andreas Gohr <andi@splitbrain.org>
157 */
158function act_clean($act){
159  global $lang;
160  global $conf;
161
162  // check if the action was given as array key
163  if(is_array($act)){
164    list($act) = array_keys($act);
165  }
166
167  //remove all bad chars
168  $act = strtolower($act);
169  $act = preg_replace('/[^1-9a-z_]+/','',$act);
170
171  if($act == 'export_html') $act = 'export_xhtml';
172  if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
173
174  // check if action is disabled
175  if(!actionOK($act)){
176    msg('Command disabled: '.htmlspecialchars($act),-1);
177    return 'show';
178  }
179
180  //disable all acl related commands if ACL is disabled
181  if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
182                                             'subscribe','unsubscribe','profile',
183                                             'resendpwd','subscribens','unsubscribens',))){
184    msg('Command unavailable: '.htmlspecialchars($act),-1);
185    return 'show';
186  }
187
188  if(!in_array($act,array('login','logout','register','save','cancel','edit','draft',
189                          'preview','search','show','check','index','revisions',
190                          'diff','recent','backlink','admin','subscribe',
191                          'unsubscribe','profile','resendpwd','recover','wordblock',
192                          'draftdel','subscribens','unsubscribens',)) && substr($act,0,7) != 'export_' ) {
193    msg('Command unknown: '.htmlspecialchars($act),-1);
194    return 'show';
195  }
196  return $act;
197}
198
199/**
200 * Run permissionchecks
201 *
202 * @author Andreas Gohr <andi@splitbrain.org>
203 */
204function act_permcheck($act){
205  global $INFO;
206  global $conf;
207
208  if(in_array($act,array('save','preview','edit','recover'))){
209    if($INFO['exists']){
210      if($act == 'edit'){
211        //the edit function will check again and do a source show
212        //when no AUTH_EDIT available
213        $permneed = AUTH_READ;
214      }else{
215        $permneed = AUTH_EDIT;
216      }
217    }else{
218      $permneed = AUTH_CREATE;
219    }
220  }elseif(in_array($act,array('login','search','recent','profile'))){
221    $permneed = AUTH_NONE;
222  }elseif($act == 'register'){
223    $permneed = AUTH_NONE;
224  }elseif($act == 'resendpwd'){
225    $permneed = AUTH_NONE;
226  }elseif($act == 'admin'){
227    if($INFO['ismanager']){
228      // if the manager has the needed permissions for a certain admin
229      // action is checked later
230      $permneed = AUTH_READ;
231    }else{
232      $permneed = AUTH_ADMIN;
233    }
234  }else{
235    $permneed = AUTH_READ;
236  }
237  if($INFO['perm'] >= $permneed) return $act;
238
239  return 'denied';
240}
241
242/**
243 * Handle 'draftdel'
244 *
245 * Deletes the draft for the current page and user
246 */
247function act_draftdel($act){
248  global $INFO;
249  @unlink($INFO['draft']);
250  $INFO['draft'] = null;
251  return 'show';
252}
253
254/**
255 * Saves a draft on preview
256 *
257 * @todo this currently duplicates code from ajax.php :-/
258 */
259function act_draftsave($act){
260  global $INFO;
261  global $ID;
262  global $conf;
263  if($conf['usedraft'] && $_POST['wikitext']){
264    $draft = array('id'     => $ID,
265                   'prefix' => $_POST['prefix'],
266                   'text'   => $_POST['wikitext'],
267                   'suffix' => $_POST['suffix'],
268                   'date'   => $_POST['date'],
269                   'client' => $INFO['client'],
270                  );
271    $cname = getCacheName($draft['client'].$ID,'.draft');
272    if(io_saveFile($cname,serialize($draft))){
273      $INFO['draft'] = $cname;
274    }
275  }
276  return $act;
277}
278
279/**
280 * Handle 'save'
281 *
282 * Checks for spam and conflicts and saves the page.
283 * Does a redirect to show the page afterwards or
284 * returns a new action.
285 *
286 * @author Andreas Gohr <andi@splitbrain.org>
287 */
288function act_save($act){
289  global $ID;
290  global $DATE;
291  global $PRE;
292  global $TEXT;
293  global $SUF;
294  global $SUM;
295
296  //spam check
297  if(checkwordblock())
298    return 'wordblock';
299  //conflict check //FIXME use INFO
300  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
301    return 'conflict';
302
303  //save it
304  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$_REQUEST['minor']); //use pretty mode for con
305  //unlock it
306  unlock($ID);
307
308  //delete draft
309  act_draftdel($act);
310  session_write_close();
311
312  // when done, show page
313  return 'show';
314}
315
316/**
317 * Do a redirect after receiving post data
318 *
319 * Tries to add the section id as hash mark after section editing
320 */
321function act_redirect($id,$preact){
322  global $PRE;
323  global $TEXT;
324  global $MSG;
325
326  //are there any undisplayed messages? keep them in session for display
327  //on the next page
328  if(isset($MSG) && count($MSG)){
329    //reopen session, store data and close session again
330    @session_start();
331    $_SESSION[DOKU_COOKIE]['msg'] = $MSG;
332    session_write_close();
333  }
334
335  //get section name when coming from section edit
336  if($PRE && preg_match('/^\s*==+([^=\n]+)/',$TEXT,$match)){
337    #FIXME duplicates code from xhtml renderer
338    $title = $match[0];
339    $title = str_replace(':','',cleanID($title));
340    $title = ltrim($title,'0123456789._-');
341    if(empty($title)) $title='section';
342  }
343
344  $opts = array(
345    'id'       => $id,
346    'fragment' => $title,
347    'preact'   => $preact
348  );
349  trigger_event('ACTION_SHOW_REDIRECT',$opts,'act_redirect_execute');
350}
351
352function act_redirect_execute($opts){
353  $go = wl($opts['id'],'',true);
354  if($opts['fragment']) $go .= '#'.$opts['fragment'];
355
356  //show it
357  header("Location: $go");
358  exit();
359}
360
361/**
362 * Handle 'login', 'logout'
363 *
364 * @author Andreas Gohr <andi@splitbrain.org>
365 */
366function act_auth($act){
367  global $ID;
368  global $INFO;
369
370  //already logged in?
371  if($_SERVER['REMOTE_USER'] && $act=='login'){
372    return 'show';
373  }
374
375  //handle logout
376  if($act=='logout'){
377    $lockedby = checklock($ID); //page still locked?
378    if($lockedby == $_SERVER['REMOTE_USER'])
379      unlock($ID); //try to unlock
380
381    // do the logout stuff
382    auth_logoff();
383
384    // rebuild info array
385    $INFO = pageinfo();
386
387    act_redirect($ID,'login');
388  }
389
390  return $act;
391}
392
393/**
394 * Handle 'edit', 'preview'
395 *
396 * @author Andreas Gohr <andi@splitbrain.org>
397 */
398function act_edit($act){
399  global $ID;
400  global $INFO;
401
402  //check if locked by anyone - if not lock for my self
403  $lockedby = checklock($ID);
404  if($lockedby) return 'locked';
405
406  lock($ID);
407  return $act;
408}
409
410/**
411 * Export a wiki page for various formats
412 *
413 * Triggers ACTION_EXPORT_POSTPROCESS
414 *
415 *  Event data:
416 *    data['id']      -- page id
417 *    data['mode']    -- requested export mode
418 *    data['headers'] -- export headers
419 *    data['output']  -- export output
420 *
421 * @author Andreas Gohr <andi@splitbrain.org>
422 * @author Michael Klier <chi@chimeric.de>
423 */
424function act_export($act){
425  global $ID;
426  global $REV;
427  global $conf;
428  global $lang;
429
430  $pre = '';
431  $post = '';
432  $output = '';
433  $headers = array();
434
435  // search engines: never cache exported docs! (Google only currently)
436  $headers['X-Robots-Tag'] = 'noindex';
437
438  $mode = substr($act,7);
439  switch($mode) {
440    case 'raw':
441      $headers['Content-Type'] = 'text/plain; charse=utf-8';
442      $output = rawWiki($ID,$REV);
443      break;
444    case 'xhtml':
445      $pre .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"' . DOKU_LF;
446      $pre .= ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . DOKU_LF;
447      $pre .= '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$conf['lang'].'"' . DOKU_LF;
448      $pre .= ' lang="'.$conf['lang'].'" dir="'.$lang['direction'].'">' . DOKU_LF;
449      $pre .= '<head>' . DOKU_LF;
450      $pre .= '  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' . DOKU_LF;
451      $pre .= '  <title>'.$ID.'</title>' . DOKU_LF;
452
453      // get metaheaders
454      ob_start();
455      tpl_metaheaders();
456      $pre .= ob_get_clean();
457
458      $pre .= '</head>' . DOKU_LF;
459      $pre .= '<body>' . DOKU_LF;
460      $pre .= '<div class="dokuwiki export">' . DOKU_LF;
461
462      // get toc
463      $pre .= tpl_toc(true);
464
465      $headers['Content-Type'] = 'text/html; charset=utf-8';
466      $output = p_wiki_xhtml($ID,$REV,false);
467
468      $post .= '</div>' . DOKU_LF;
469      $post .= '</body>' . DOKU_LF;
470      $post .= '</html>' . DOKU_LF;
471      break;
472    case 'xhtmlbody':
473      $headers['Content-Type'] = 'text/html; charset=utf-8';
474      $output = p_wiki_xhtml($ID,$REV,false);
475      break;
476    default:
477      $headers = p_get_metadata($ID,"format $mode");
478      $output = p_cached_output(wikiFN($ID,$REV), $mode);
479      break;
480  }
481
482  // prepare event data
483  $data = array();
484  $data['id'] = $ID;
485  $data['mode'] = $mode;
486  $data['headers'] = $headers;
487  $data['output'] =& $output;
488
489  trigger_event('ACTION_EXPORT_POSTPROCESS', $data);
490
491  if(!empty($data['output'])){
492    if(is_array($data['headers'])) foreach($data['headers'] as $key => $val){
493      header("$key: $val");
494    }
495    print $pre.$data['output'].$post;
496    exit;
497  }
498  return 'show';
499}
500
501/**
502 * Handle page 'subscribe', 'unsubscribe'
503 *
504 * @author Steven Danz <steven-danz@kc.rr.com>
505 * @todo   localize
506 */
507function act_subscription($act){
508  global $ID;
509  global $INFO;
510  global $lang;
511
512  $file=metaFN($ID,'.mlist');
513  if ($act=='subscribe' && !$INFO['subscribed']){
514    if ($INFO['userinfo']['mail']){
515      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
516        $INFO['subscribed'] = true;
517        msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
518      } else {
519        msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
520      }
521    } else {
522      msg($lang['subscribe_noaddress']);
523    }
524  } elseif ($act=='unsubscribe' && $INFO['subscribed']){
525    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
526      $INFO['subscribed'] = false;
527      msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
528    } else {
529      msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
530    }
531  }
532
533  return 'show';
534}
535
536/**
537 * Handle namespace 'subscribe', 'unsubscribe'
538 *
539 */
540function act_subscriptionns($act){
541  global $ID;
542  global $INFO;
543  global $lang;
544
545  if(!getNS($ID)) {
546    $file = metaFN(getNS($ID),'.mlist');
547    $ns = "root";
548  } else {
549    $file = metaFN(getNS($ID),'/.mlist');
550    $ns = getNS($ID);
551  }
552
553  // reuse strings used to display the status of the subscribe action
554  $act_msg = rtrim($act, 'ns');
555
556  if ($act=='subscribens' && !$INFO['subscribedns']){
557    if ($INFO['userinfo']['mail']){
558      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
559        $INFO['subscribedns'] = true;
560        msg(sprintf($lang[$act_msg.'_success'], $INFO['userinfo']['name'], $ns),1);
561      } else {
562        msg(sprintf($lang[$act_msg.'_error'], $INFO['userinfo']['name'], $ns),1);
563      }
564    } else {
565      msg($lang['subscribe_noaddress']);
566    }
567  } elseif ($act=='unsubscribens' && $INFO['subscribedns']){
568    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
569      $INFO['subscribedns'] = false;
570      msg(sprintf($lang[$act_msg.'_success'], $INFO['userinfo']['name'], $ns),1);
571    } else {
572      msg(sprintf($lang[$act_msg.'_error'], $INFO['userinfo']['name'], $ns),1);
573    }
574  }
575
576  return 'show';
577}
578
579//Setup VIM: ex: et ts=2 enc=utf-8 :
580