1<?php 2/** 3 * DokuWiki Actions 4 * 5 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 6 * @author Andreas Gohr <andi@splitbrain.org> 7 */ 8 9if(!defined('DOKU_INC')) die('meh.'); 10 11/** 12 * Call the needed action handlers 13 * 14 * @author Andreas Gohr <andi@splitbrain.org> 15 * @triggers ACTION_ACT_PREPROCESS 16 * @triggers ACTION_HEADERS_SEND 17 */ 18function act_dispatch(){ 19 global $INFO; 20 global $ACT; 21 global $ID; 22 global $QUERY; 23 global $lang; 24 global $conf; 25 global $license; 26 27 $preact = $ACT; 28 29 // give plugins an opportunity to process the action 30 $evt = new Doku_Event('ACTION_ACT_PREPROCESS',$ACT); 31 if ($evt->advise_before()) { 32 33 //sanitize $ACT 34 $ACT = act_clean($ACT); 35 36 //check if searchword was given - else just show 37 $s = cleanID($QUERY); 38 if($ACT == 'search' && empty($s)){ 39 $ACT = 'show'; 40 } 41 42 //login stuff 43 if(in_array($ACT,array('login','logout'))){ 44 $ACT = act_auth($ACT); 45 } 46 47 //check if user is asking to (un)subscribe a page 48 if($ACT == 'subscribe') { 49 try { 50 $ACT = act_subscription($ACT); 51 } catch (Exception $e) { 52 msg($e->getMessage(), -1); 53 } 54 } 55 56 //check permissions 57 $ACT = act_permcheck($ACT); 58 59 //sitemap 60 if ($ACT == 'sitemap') 61 $ACT = act_sitemap($ACT); 62 63 //register 64 $nil = array(); 65 if($ACT == 'register' && $_POST['save'] && register()){ 66 $ACT = 'login'; 67 } 68 69 if ($ACT == 'resendpwd' && act_resendpwd()) { 70 $ACT = 'login'; 71 } 72 73 //update user profile 74 if ($ACT == 'profile') { 75 if(!$_SERVER['REMOTE_USER']) { 76 $ACT = 'login'; 77 } else { 78 if(updateprofile()) { 79 msg($lang['profchanged'],1); 80 $ACT = 'show'; 81 } 82 } 83 } 84 85 //revert 86 if($ACT == 'revert'){ 87 if(checkSecurityToken()){ 88 $ACT = act_revert($ACT); 89 }else{ 90 $ACT = 'show'; 91 } 92 } 93 94 //save 95 if($ACT == 'save'){ 96 if(checkSecurityToken()){ 97 $ACT = act_save($ACT); 98 }else{ 99 $ACT = 'show'; 100 } 101 } 102 103 //cancel conflicting edit 104 if($ACT == 'cancel') 105 $ACT = 'show'; 106 107 //draft deletion 108 if($ACT == 'draftdel') 109 $ACT = act_draftdel($ACT); 110 111 //draft saving on preview 112 if($ACT == 'preview') 113 $ACT = act_draftsave($ACT); 114 115 //edit 116 if(in_array($ACT, array('edit', 'preview', 'recover'))) { 117 $ACT = act_edit($ACT); 118 }else{ 119 unlock($ID); //try to unlock 120 } 121 122 //handle export 123 if(substr($ACT,0,7) == 'export_') 124 $ACT = act_export($ACT); 125 126 //display some infos 127 if($ACT == 'check'){ 128 check(); 129 $ACT = 'show'; 130 } 131 132 //handle admin tasks 133 if($ACT == 'admin'){ 134 // retrieve admin plugin name from $_REQUEST['page'] 135 if (!empty($_REQUEST['page'])) { 136 $pluginlist = plugin_list('admin'); 137 if (in_array($_REQUEST['page'], $pluginlist)) { 138 // attempt to load the plugin 139 if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null) 140 $plugin->handle(); 141 } 142 } 143 } 144 145 // check permissions again - the action may have changed 146 $ACT = act_permcheck($ACT); 147 } // end event ACTION_ACT_PREPROCESS default action 148 $evt->advise_after(); 149 unset($evt); 150 151 // when action 'show', the intial not 'show' and POST, do a redirect 152 if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ 153 act_redirect($ID,$preact); 154 } 155 156 //call template FIXME: all needed vars available? 157 $headers[] = 'Content-Type: text/html; charset=utf-8'; 158 trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders'); 159 160 include(template('main.php')); 161 // output for the commands is now handled in inc/templates.php 162 // in function tpl_content() 163} 164 165function act_sendheaders($headers) { 166 foreach ($headers as $hdr) header($hdr); 167} 168 169/** 170 * Sanitize the action command 171 * 172 * Add all allowed commands here. 173 * 174 * @author Andreas Gohr <andi@splitbrain.org> 175 */ 176function act_clean($act){ 177 global $lang; 178 global $conf; 179 180 // check if the action was given as array key 181 if(is_array($act)){ 182 list($act) = array_keys($act); 183 } 184 185 //remove all bad chars 186 $act = strtolower($act); 187 $act = preg_replace('/[^1-9a-z_]+/','',$act); 188 189 if($act == 'export_html') $act = 'export_xhtml'; 190 if($act == 'export_htmlbody') $act = 'export_xhtmlbody'; 191 192 if($act === '') $act = 'show'; 193 194 // check if action is disabled 195 if(!actionOK($act)){ 196 msg('Command disabled: '.htmlspecialchars($act),-1); 197 return 'show'; 198 } 199 200 //disable all acl related commands if ACL is disabled 201 if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin', 202 'subscribe','unsubscribe','profile','revert', 203 'resendpwd','subscribens','unsubscribens',))){ 204 msg('Command unavailable: '.htmlspecialchars($act),-1); 205 return 'show'; 206 } 207 208 if(!in_array($act,array('login','logout','register','save','cancel','edit','draft', 209 'preview','search','show','check','index','revisions', 210 'diff','recent','backlink','admin','subscribe','revert', 211 'unsubscribe','profile','resendpwd','recover', 212 'draftdel','subscribens','unsubscribens','sitemap')) && substr($act,0,7) != 'export_' ) { 213 msg('Command unknown: '.htmlspecialchars($act),-1); 214 return 'show'; 215 } 216 return $act; 217} 218 219/** 220 * Run permissionchecks 221 * 222 * @author Andreas Gohr <andi@splitbrain.org> 223 */ 224function act_permcheck($act){ 225 global $INFO; 226 global $conf; 227 228 if(in_array($act,array('save','preview','edit','recover'))){ 229 if($INFO['exists']){ 230 if($act == 'edit'){ 231 //the edit function will check again and do a source show 232 //when no AUTH_EDIT available 233 $permneed = AUTH_READ; 234 }else{ 235 $permneed = AUTH_EDIT; 236 } 237 }else{ 238 $permneed = AUTH_CREATE; 239 } 240 }elseif(in_array($act,array('login','search','recent','profile','index', 'sitemap'))){ 241 }elseif(in_array($act,array('login','search','recent','profile','sitemap'))){ 242 $permneed = AUTH_NONE; 243 }elseif($act == 'revert'){ 244 $permneed = AUTH_ADMIN; 245 if($INFO['ismanager']) $permneed = AUTH_EDIT; 246 }elseif($act == 'register'){ 247 $permneed = AUTH_NONE; 248 }elseif($act == 'resendpwd'){ 249 $permneed = AUTH_NONE; 250 }elseif($act == 'admin'){ 251 if($INFO['ismanager']){ 252 // if the manager has the needed permissions for a certain admin 253 // action is checked later 254 $permneed = AUTH_READ; 255 }else{ 256 $permneed = AUTH_ADMIN; 257 } 258 }else{ 259 $permneed = AUTH_READ; 260 } 261 if($INFO['perm'] >= $permneed) return $act; 262 263 return 'denied'; 264} 265 266/** 267 * Handle 'draftdel' 268 * 269 * Deletes the draft for the current page and user 270 */ 271function act_draftdel($act){ 272 global $INFO; 273 @unlink($INFO['draft']); 274 $INFO['draft'] = null; 275 return 'show'; 276} 277 278/** 279 * Saves a draft on preview 280 * 281 * @todo this currently duplicates code from ajax.php :-/ 282 */ 283function act_draftsave($act){ 284 global $INFO; 285 global $ID; 286 global $conf; 287 if($conf['usedraft'] && $_POST['wikitext']){ 288 $draft = array('id' => $ID, 289 'prefix' => $_POST['prefix'], 290 'text' => $_POST['wikitext'], 291 'suffix' => $_POST['suffix'], 292 'date' => $_POST['date'], 293 'client' => $INFO['client'], 294 ); 295 $cname = getCacheName($draft['client'].$ID,'.draft'); 296 if(io_saveFile($cname,serialize($draft))){ 297 $INFO['draft'] = $cname; 298 } 299 } 300 return $act; 301} 302 303/** 304 * Handle 'save' 305 * 306 * Checks for spam and conflicts and saves the page. 307 * Does a redirect to show the page afterwards or 308 * returns a new action. 309 * 310 * @author Andreas Gohr <andi@splitbrain.org> 311 */ 312function act_save($act){ 313 global $ID; 314 global $DATE; 315 global $PRE; 316 global $TEXT; 317 global $SUF; 318 global $SUM; 319 global $lang; 320 global $INFO; 321 322 //spam check 323 if(checkwordblock()) { 324 msg($lang['wordblock'], -1); 325 return 'edit'; 326 } 327 //conflict check 328 if($DATE != 0 && $INFO['meta']['date']['modified'] > $DATE ) 329 return 'conflict'; 330 331 //save it 332 saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$_REQUEST['minor']); //use pretty mode for con 333 //unlock it 334 unlock($ID); 335 336 //delete draft 337 act_draftdel($act); 338 session_write_close(); 339 340 // when done, show page 341 return 'show'; 342} 343 344/** 345 * Revert to a certain revision 346 * 347 * @author Andreas Gohr <andi@splitbrain.org> 348 */ 349function act_revert($act){ 350 global $ID; 351 global $REV; 352 global $lang; 353 // FIXME $INFO['writable'] currently refers to the attic version 354 // global $INFO; 355 // if (!$INFO['writable']) { 356 // return 'show'; 357 // } 358 359 // when no revision is given, delete current one 360 // FIXME this feature is not exposed in the GUI currently 361 $text = ''; 362 $sum = $lang['deleted']; 363 if($REV){ 364 $text = rawWiki($ID,$REV); 365 if(!$text) return 'show'; //something went wrong 366 $sum = $lang['restored']; 367 } 368 369 // spam check 370 371 if (checkwordblock($text)) { 372 msg($lang['wordblock'], -1); 373 return 'edit'; 374 } 375 376 saveWikiText($ID,$text,$sum,false); 377 msg($sum,1); 378 379 //delete any draft 380 act_draftdel($act); 381 session_write_close(); 382 383 // when done, show current page 384 $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect 385 $REV = ''; 386 return 'show'; 387} 388 389/** 390 * Do a redirect after receiving post data 391 * 392 * Tries to add the section id as hash mark after section editing 393 */ 394function act_redirect($id,$preact){ 395 global $PRE; 396 global $TEXT; 397 398 $opts = array( 399 'id' => $id, 400 'preact' => $preact 401 ); 402 //get section name when coming from section edit 403 if($PRE && preg_match('/^\s*==+([^=\n]+)/',$TEXT,$match)){ 404 $check = false; //Byref 405 $opts['fragment'] = sectionID($match[0], $check); 406 } 407 408 trigger_event('ACTION_SHOW_REDIRECT',$opts,'act_redirect_execute'); 409} 410 411function act_redirect_execute($opts){ 412 $go = wl($opts['id'],'',true); 413 if(isset($opts['fragment'])) $go .= '#'.$opts['fragment']; 414 415 //show it 416 send_redirect($go); 417} 418 419/** 420 * Handle 'login', 'logout' 421 * 422 * @author Andreas Gohr <andi@splitbrain.org> 423 */ 424function act_auth($act){ 425 global $ID; 426 global $INFO; 427 428 //already logged in? 429 if(isset($_SERVER['REMOTE_USER']) && $act=='login'){ 430 return 'show'; 431 } 432 433 //handle logout 434 if($act=='logout'){ 435 $lockedby = checklock($ID); //page still locked? 436 if($lockedby == $_SERVER['REMOTE_USER']) 437 unlock($ID); //try to unlock 438 439 // do the logout stuff 440 auth_logoff(); 441 442 // rebuild info array 443 $INFO = pageinfo(); 444 445 act_redirect($ID,'login'); 446 } 447 448 return $act; 449} 450 451/** 452 * Handle 'edit', 'preview', 'recover' 453 * 454 * @author Andreas Gohr <andi@splitbrain.org> 455 */ 456function act_edit($act){ 457 global $ID; 458 global $INFO; 459 460 global $TEXT; 461 global $RANGE; 462 global $PRE; 463 global $SUF; 464 global $REV; 465 global $SUM; 466 global $lang; 467 global $DATE; 468 469 if (!isset($TEXT)) { 470 if ($INFO['exists']) { 471 if ($RANGE) { 472 list($PRE,$TEXT,$SUF) = rawWikiSlices($RANGE,$ID,$REV); 473 } else { 474 $TEXT = rawWiki($ID,$REV); 475 } 476 } else { 477 $TEXT = pageTemplate($ID); 478 } 479 } 480 481 //set summary default 482 if(!$SUM){ 483 if($REV){ 484 $SUM = $lang['restored']; 485 }elseif(!$INFO['exists']){ 486 $SUM = $lang['created']; 487 } 488 } 489 490 // Use the date of the newest revision, not of the revision we edit 491 // This is used for conflict detection 492 if(!$DATE) $DATE = $INFO['meta']['date']['modified']; 493 494 //check if locked by anyone - if not lock for my self 495 $lockedby = checklock($ID); 496 if($lockedby) return 'locked'; 497 498 lock($ID); 499 return $act; 500} 501 502/** 503 * Export a wiki page for various formats 504 * 505 * Triggers ACTION_EXPORT_POSTPROCESS 506 * 507 * Event data: 508 * data['id'] -- page id 509 * data['mode'] -- requested export mode 510 * data['headers'] -- export headers 511 * data['output'] -- export output 512 * 513 * @author Andreas Gohr <andi@splitbrain.org> 514 * @author Michael Klier <chi@chimeric.de> 515 */ 516function act_export($act){ 517 global $ID; 518 global $REV; 519 global $conf; 520 global $lang; 521 522 $pre = ''; 523 $post = ''; 524 $output = ''; 525 $headers = array(); 526 527 // search engines: never cache exported docs! (Google only currently) 528 $headers['X-Robots-Tag'] = 'noindex'; 529 530 $mode = substr($act,7); 531 switch($mode) { 532 case 'raw': 533 $headers['Content-Type'] = 'text/plain; charset=utf-8'; 534 $headers['Content-Disposition'] = 'attachment; filename='.noNS($ID).'.txt'; 535 $output = rawWiki($ID,$REV); 536 break; 537 case 'xhtml': 538 $pre .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"' . DOKU_LF; 539 $pre .= ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . DOKU_LF; 540 $pre .= '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$conf['lang'].'"' . DOKU_LF; 541 $pre .= ' lang="'.$conf['lang'].'" dir="'.$lang['direction'].'">' . DOKU_LF; 542 $pre .= '<head>' . DOKU_LF; 543 $pre .= ' <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' . DOKU_LF; 544 $pre .= ' <title>'.$ID.'</title>' . DOKU_LF; 545 546 // get metaheaders 547 ob_start(); 548 tpl_metaheaders(); 549 $pre .= ob_get_clean(); 550 551 $pre .= '</head>' . DOKU_LF; 552 $pre .= '<body>' . DOKU_LF; 553 $pre .= '<div class="dokuwiki export">' . DOKU_LF; 554 555 // get toc 556 $pre .= tpl_toc(true); 557 558 $headers['Content-Type'] = 'text/html; charset=utf-8'; 559 $output = p_wiki_xhtml($ID,$REV,false); 560 561 $post .= '</div>' . DOKU_LF; 562 $post .= '</body>' . DOKU_LF; 563 $post .= '</html>' . DOKU_LF; 564 break; 565 case 'xhtmlbody': 566 $headers['Content-Type'] = 'text/html; charset=utf-8'; 567 $output = p_wiki_xhtml($ID,$REV,false); 568 break; 569 default: 570 $output = p_cached_output(wikiFN($ID,$REV), $mode); 571 $headers = p_get_metadata($ID,"format $mode"); 572 break; 573 } 574 575 // prepare event data 576 $data = array(); 577 $data['id'] = $ID; 578 $data['mode'] = $mode; 579 $data['headers'] = $headers; 580 $data['output'] =& $output; 581 582 trigger_event('ACTION_EXPORT_POSTPROCESS', $data); 583 584 if(!empty($data['output'])){ 585 if(is_array($data['headers'])) foreach($data['headers'] as $key => $val){ 586 header("$key: $val"); 587 } 588 print $pre.$data['output'].$post; 589 exit; 590 } 591 return 'show'; 592} 593 594/** 595 * Handle sitemap delivery 596 * 597 * @author Michael Hamann <michael@content-space.de> 598 */ 599function act_sitemap($act) { 600 global $conf; 601 602 if (!$conf['sitemap']) { 603 header("HTTP/1.0 404 Not Found"); 604 print "Sitemap generation is disabled."; 605 exit; 606 } 607 608 $sitemap = $conf['cachedir'].'/sitemap.xml'; 609 if($conf['compression'] == 'bz2' || $conf['compression'] == 'gz'){ 610 $mime = 'application/x-gzip'; 611 $sitemap .= '.gz'; 612 } else { 613 $mime = 'application/xml; charset=utf-8'; 614 } 615 616 // Check if sitemap file exists, otherwise create it 617 if (!is_readable($sitemap)) { 618 Sitemapper::generate(); 619 } 620 621 if (is_readable($sitemap)) { 622 // Send headers 623 header('Content-Type: '.$mime); 624 625 // Send file 626 //use x-sendfile header to pass the delivery to compatible webservers 627 if (http_sendfile($sitemap)) exit; 628 629 $fp = @fopen($sitemap,"rb"); 630 if($fp){ 631 http_rangeRequest($fp,filesize($sitemap),$mime); 632 exit; 633 } 634 } 635 636 header("HTTP/1.0 500 Internal Server Error"); 637 print "Could not read $sitemap - bad permissions?"; 638 exit; 639} 640 641/** 642 * Handle page 'subscribe' 643 * 644 * Throws exception on error. 645 * 646 * @author Adrian Lang <lang@cosmocode.de> 647 */ 648function act_subscription($act){ 649 global $lang; 650 global $INFO; 651 global $ID; 652 653 // subcriptions work for logged in users only 654 if(!$_SERVER['REMOTE_USER']) return 'show'; 655 656 // get and preprocess data. 657 $params = array(); 658 foreach(array('target', 'style', 'action') as $param) { 659 if (isset($_REQUEST["sub_$param"])) { 660 $params[$param] = $_REQUEST["sub_$param"]; 661 } 662 } 663 664 // any action given? if not just return and show the subscription page 665 if(!$params['action'] || !checkSecurityToken()) return $act; 666 667 // Handle POST data, may throw exception. 668 trigger_event('ACTION_HANDLE_SUBSCRIBE', $params, 'subscription_handle_post'); 669 670 $target = $params['target']; 671 $style = $params['style']; 672 $data = $params['data']; 673 $action = $params['action']; 674 675 // Perform action. 676 if (!subscription_set($_SERVER['REMOTE_USER'], $target, $style, $data)) { 677 throw new Exception(sprintf($lang["subscr_{$action}_error"], 678 hsc($INFO['userinfo']['name']), 679 prettyprint_id($target))); 680 } 681 msg(sprintf($lang["subscr_{$action}_success"], hsc($INFO['userinfo']['name']), 682 prettyprint_id($target)), 1); 683 act_redirect($ID, $act); 684 685 // Assure that we have valid data if act_redirect somehow fails. 686 $INFO['subscribed'] = get_info_subscribed(); 687 return 'show'; 688} 689 690/** 691 * Validate POST data 692 * 693 * Validates POST data for a subscribe or unsubscribe request. This is the 694 * default action for the event ACTION_HANDLE_SUBSCRIBE. 695 * 696 * @author Adrian Lang <lang@cosmocode.de> 697 */ 698function subscription_handle_post(&$params) { 699 global $INFO; 700 global $lang; 701 702 // Get and validate parameters. 703 if (!isset($params['target'])) { 704 throw new Exception('no subscription target given'); 705 } 706 $target = $params['target']; 707 $valid_styles = array('every', 'digest'); 708 if (substr($target, -1, 1) === ':') { 709 // Allow “list” subscribe style since the target is a namespace. 710 $valid_styles[] = 'list'; 711 } 712 $style = valid_input_set('style', $valid_styles, $params, 713 'invalid subscription style given'); 714 $action = valid_input_set('action', array('subscribe', 'unsubscribe'), 715 $params, 'invalid subscription action given'); 716 717 // Check other conditions. 718 if ($action === 'subscribe') { 719 if ($INFO['userinfo']['mail'] === '') { 720 throw new Exception($lang['subscr_subscribe_noaddress']); 721 } 722 } elseif ($action === 'unsubscribe') { 723 $is = false; 724 foreach($INFO['subscribed'] as $subscr) { 725 if ($subscr['target'] === $target) { 726 $is = true; 727 } 728 } 729 if ($is === false) { 730 throw new Exception(sprintf($lang['subscr_not_subscribed'], 731 $_SERVER['REMOTE_USER'], 732 prettyprint_id($target))); 733 } 734 // subscription_set deletes a subscription if style = null. 735 $style = null; 736 } 737 738 $data = in_array($style, array('list', 'digest')) ? time() : null; 739 $params = compact('target', 'style', 'data', 'action'); 740} 741 742//Setup VIM: ex: et ts=2 enc=utf-8 : 743