xref: /dokuwiki/inc/actions.php (revision 520cadd250eb13d2b77e0b7417d5b202648ab81d) 
1<?php
2/**
3 * DokuWiki Actions
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
9  if(!defined('DOKU_INC')) define('DOKU_INC',fullpath(dirname(__FILE__).'/../').'/');
10  require_once(DOKU_INC.'inc/template.php');
11
12
13/**
14 * Call the needed action handlers
15 *
16 * @author Andreas Gohr <andi@splitbrain.org>
17 * @triggers ACTION_ACT_PREPROCESS
18 * @triggers ACTION_HEADERS_SEND
19 */
20function act_dispatch(){
21  global $INFO;
22  global $ACT;
23  global $ID;
24  global $QUERY;
25  global $lang;
26  global $conf;
27
28  $preact = $ACT;
29
30  // give plugins an opportunity to process the action
31  $evt = new Doku_Event('ACTION_ACT_PREPROCESS',$ACT);
32  if ($evt->advise_before()) {
33
34    //sanitize $ACT
35    $ACT = act_clean($ACT);
36
37    //check if searchword was given - else just show
38    $s = cleanID($QUERY);
39    if($ACT == 'search' && empty($s)){
40      $ACT = 'show';
41    }
42
43    //login stuff
44    if(in_array($ACT,array('login','logout'))){
45        $ACT = act_auth($ACT);
46    }
47
48    //check if user is asking to (un)subscribe a page
49    if($ACT == 'subscribe' || $ACT == 'unsubscribe')
50      $ACT = act_subscription($ACT);
51
52    //check if user is asking to (un)subscribe a namespace
53    if($ACT == 'subscribens' || $ACT == 'unsubscribens')
54      $ACT = act_subscriptionns($ACT);
55
56    //check permissions
57    $ACT = act_permcheck($ACT);
58
59    //register
60    $nil = array();
61    if($ACT == 'register' && $_POST['save'] && register()){
62      $ACT = 'login';
63    }
64
65    if ($ACT == 'resendpwd' && act_resendpwd()) {
66      $ACT = 'login';
67    }
68
69    //update user profile
70    if (($ACT == 'profile') && updateprofile()) {
71      msg($lang['profchanged'],1);
72      $ACT = 'show';
73    }
74
75    //save
76    if($ACT == 'save'){
77      if(checkSecurityToken()){
78        $ACT = act_save($ACT);
79      }else{
80        $ACT = 'show';
81      }
82    }
83
84    //cancel conflicting edit
85    if($ACT == 'cancel')
86      $ACT = 'show';
87
88    //draft deletion
89    if($ACT == 'draftdel')
90      $ACT = act_draftdel($ACT);
91
92    //draft saving on preview
93    if($ACT == 'preview')
94      $ACT = act_draftsave($ACT);
95
96    //edit
97    if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
98      $ACT = act_edit($ACT);
99    }else{
100      unlock($ID); //try to unlock
101    }
102
103    //handle export
104    if(substr($ACT,0,7) == 'export_')
105      $ACT = act_export($ACT);
106
107    //display some infos
108    if($ACT == 'check'){
109      check();
110      $ACT = 'show';
111    }
112
113    //handle admin tasks
114    if($ACT == 'admin'){
115      // retrieve admin plugin name from $_REQUEST['page']
116      if (!empty($_REQUEST['page'])) {
117          $pluginlist = plugin_list('admin');
118          if (in_array($_REQUEST['page'], $pluginlist)) {
119            // attempt to load the plugin
120            if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== NULL)
121                $plugin->handle();
122          }
123      }
124    }
125
126    // check permissions again - the action may have changed
127    $ACT = act_permcheck($ACT);
128  }  // end event ACTION_ACT_PREPROCESS default action
129  $evt->advise_after();
130  unset($evt);
131
132  // when action 'show', the intial not 'show' and POST, do a redirect
133  if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
134    act_redirect($ID,$preact);
135  }
136
137  //call template FIXME: all needed vars available?
138  $headers[] = 'Content-Type: text/html; charset=utf-8';
139  trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');
140
141  include(template('main.php'));
142  // output for the commands is now handled in inc/templates.php
143  // in function tpl_content()
144}
145
146function act_sendheaders($headers) {
147  foreach ($headers as $hdr) header($hdr);
148}
149
150/**
151 * Sanitize the action command
152 *
153 * Add all allowed commands here.
154 *
155 * @author Andreas Gohr <andi@splitbrain.org>
156 */
157function act_clean($act){
158  global $lang;
159  global $conf;
160
161  // check if the action was given as array key
162  if(is_array($act)){
163    list($act) = array_keys($act);
164  }
165
166  //remove all bad chars
167  $act = strtolower($act);
168  $act = preg_replace('/[^1-9a-z_]+/','',$act);
169
170  if($act == 'export_html') $act = 'export_xhtml';
171  if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
172
173  // check if action is disabled
174  if(!actionOK($act)){
175    msg('Command disabled: '.htmlspecialchars($act),-1);
176    return 'show';
177  }
178
179  //disable all acl related commands if ACL is disabled
180  if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
181                                             'subscribe','unsubscribe','profile',
182                                             'resendpwd','subscribens','unsubscribens',))){
183    msg('Command unavailable: '.htmlspecialchars($act),-1);
184    return 'show';
185  }
186
187  if(!in_array($act,array('login','logout','register','save','cancel','edit','draft',
188                          'preview','search','show','check','index','revisions',
189                          'diff','recent','backlink','admin','subscribe',
190                          'unsubscribe','profile','resendpwd','recover','wordblock',
191                          'draftdel','subscribens','unsubscribens',)) && substr($act,0,7) != 'export_' ) {
192    msg('Command unknown: '.htmlspecialchars($act),-1);
193    return 'show';
194  }
195  return $act;
196}
197
198/**
199 * Run permissionchecks
200 *
201 * @author Andreas Gohr <andi@splitbrain.org>
202 */
203function act_permcheck($act){
204  global $INFO;
205  global $conf;
206
207  if(in_array($act,array('save','preview','edit','recover'))){
208    if($INFO['exists']){
209      if($act == 'edit'){
210        //the edit function will check again and do a source show
211        //when no AUTH_EDIT available
212        $permneed = AUTH_READ;
213      }else{
214        $permneed = AUTH_EDIT;
215      }
216    }else{
217      $permneed = AUTH_CREATE;
218    }
219  }elseif(in_array($act,array('login','search','recent','profile'))){
220    $permneed = AUTH_NONE;
221  }elseif($act == 'register'){
222    $permneed = AUTH_NONE;
223  }elseif($act == 'resendpwd'){
224    $permneed = AUTH_NONE;
225  }elseif($act == 'admin'){
226    if($INFO['ismanager']){
227      // if the manager has the needed permissions for a certain admin
228      // action is checked later
229      $permneed = AUTH_READ;
230    }else{
231      $permneed = AUTH_ADMIN;
232    }
233  }else{
234    $permneed = AUTH_READ;
235  }
236  if($INFO['perm'] >= $permneed) return $act;
237
238  return 'denied';
239}
240
241/**
242 * Handle 'draftdel'
243 *
244 * Deletes the draft for the current page and user
245 */
246function act_draftdel($act){
247  global $INFO;
248  @unlink($INFO['draft']);
249  $INFO['draft'] = null;
250  return 'show';
251}
252
253/**
254 * Saves a draft on preview
255 *
256 * @todo this currently duplicates code from ajax.php :-/
257 */
258function act_draftsave($act){
259  global $INFO;
260  global $ID;
261  global $conf;
262  if($conf['usedraft'] && $_POST['wikitext']){
263    $draft = array('id'     => $ID,
264                   'prefix' => $_POST['prefix'],
265                   'text'   => $_POST['wikitext'],
266                   'suffix' => $_POST['suffix'],
267                   'date'   => $_POST['date'],
268                   'client' => $INFO['client'],
269                  );
270    $cname = getCacheName($draft['client'].$ID,'.draft');
271    if(io_saveFile($cname,serialize($draft))){
272      $INFO['draft'] = $cname;
273    }
274  }
275  return $act;
276}
277
278/**
279 * Handle 'save'
280 *
281 * Checks for spam and conflicts and saves the page.
282 * Does a redirect to show the page afterwards or
283 * returns a new action.
284 *
285 * @author Andreas Gohr <andi@splitbrain.org>
286 */
287function act_save($act){
288  global $ID;
289  global $DATE;
290  global $PRE;
291  global $TEXT;
292  global $SUF;
293  global $SUM;
294
295  //spam check
296  if(checkwordblock())
297    return 'wordblock';
298  //conflict check //FIXME use INFO
299  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
300    return 'conflict';
301
302  //save it
303  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$_REQUEST['minor']); //use pretty mode for con
304  //unlock it
305  unlock($ID);
306
307  //delete draft
308  act_draftdel($act);
309  session_write_close();
310
311  // when done, show page
312  return 'show';
313}
314
315/**
316 * Do a redirect after receiving post data
317 *
318 * Tries to add the section id as hash mark after section editing
319 */
320function act_redirect($id,$preact){
321  global $PRE;
322  global $TEXT;
323  global $MSG;
324
325  //are there any undisplayed messages? keep them in session for display
326  //on the next page
327  if(isset($MSG) && count($MSG)){
328    //reopen session, store data and close session again
329    @session_start();
330    $_SESSION[DOKU_COOKIE]['msg'] = $MSG;
331    session_write_close();
332  }
333
334  //get section name when coming from section edit
335  if($PRE && preg_match('/^\s*==+([^=\n]+)/',$TEXT,$match)){
336    #FIXME duplicates code from xhtml renderer
337    $title = $match[0];
338    $title = str_replace(':','',cleanID($title));
339    $title = ltrim($title,'0123456789._-');
340    if(empty($title)) $title='section';
341  }
342
343  $opts = array(
344    'id'       => $id,
345    'fragment' => $title,
346    'preact'   => $preact
347  );
348  trigger_event('ACTION_SHOW_REDIRECT',$opts,'act_redirect_execute');
349}
350
351function act_redirect_execute($opts){
352  $go = wl($opts['id'],'',true);
353  if($opts['fragment']) $go .= '#'.$opts['fragment'];
354
355  //show it
356  header("Location: $go");
357  exit();
358}
359
360/**
361 * Handle 'login', 'logout'
362 *
363 * @author Andreas Gohr <andi@splitbrain.org>
364 */
365function act_auth($act){
366  global $ID;
367  global $INFO;
368
369  //already logged in?
370  if($_SERVER['REMOTE_USER'] && $act=='login'){
371    return 'show';
372  }
373
374  //handle logout
375  if($act=='logout'){
376    $lockedby = checklock($ID); //page still locked?
377    if($lockedby == $_SERVER['REMOTE_USER'])
378      unlock($ID); //try to unlock
379
380    // do the logout stuff
381    auth_logoff();
382
383    // rebuild info array
384    $INFO = pageinfo();
385
386    return 'login';
387  }
388
389  return $act;
390}
391
392/**
393 * Handle 'edit', 'preview'
394 *
395 * @author Andreas Gohr <andi@splitbrain.org>
396 */
397function act_edit($act){
398  global $ID;
399  global $INFO;
400
401  //check if locked by anyone - if not lock for my self
402  $lockedby = checklock($ID);
403  if($lockedby) return 'locked';
404
405  lock($ID);
406  return $act;
407}
408
409/**
410 * Export a wiki page for various formats
411 *
412 * Triggers ACTION_EXPORT_POSTPROCESS
413 *
414 *  Event data:
415 *    data['id']      -- page id
416 *    data['mode']    -- requested export mode
417 *    data['headers'] -- export headers
418 *    data['output']  -- export output
419 *
420 * @author Andreas Gohr <andi@splitbrain.org>
421 * @author Michael Klier <chi@chimeric.de>
422 */
423function act_export($act){
424  global $ID;
425  global $REV;
426  global $conf;
427  global $lang;
428
429  $pre = '';
430  $post = '';
431  $output = '';
432  $headers = array();
433
434  // search engines: never cache exported docs! (Google only currently)
435  $headers['X-Robots-Tag'] = 'noindex';
436
437  $mode = substr($act,7);
438  switch($mode) {
439    case 'raw':
440      $headers['Content-Type'] = 'text/plain; charse=utf-8';
441      $output = rawWiki($ID,$REV);
442      break;
443    case 'xhtml':
444      $pre .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"' . DOKU_LF;
445      $pre .= ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . DOKU_LF;
446      $pre .= '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$conf['lang'].'"' . DOKU_LF;
447      $pre .= ' lang="'.$conf['lang'].'" dir="'.$lang['direction'].'">' . DOKU_LF;
448      $pre .= '<head>' . DOKU_LF;
449      $pre .= '  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' . DOKU_LF;
450      $pre .= '  <title>'.$ID.'</title>' . DOKU_LF;
451
452      // get metaheaders
453      ob_start();
454      tpl_metaheaders();
455      $pre .= ob_get_clean();
456
457      $pre .= '</head>' . DOKU_LF;
458      $pre .= '<body>' . DOKU_LF;
459      $pre .= '<div class="dokuwiki export">' . DOKU_LF;
460
461      // get toc
462      $pre .= tpl_toc(true);
463
464      $headers['Content-Type'] = 'text/html; charset=utf-8';
465      $output = p_wiki_xhtml($ID,$REV,false);
466
467      $post .= '</div>' . DOKU_LF;
468      $post .= '</body>' . DOKU_LF;
469      $post .= '</html>' . DOKU_LF;
470      break;
471    case 'xhtmlbody':
472      $headers['Content-Type'] = 'text/html; charset=utf-8';
473      $output = p_wiki_xhtml($ID,$REV,false);
474      break;
475    default:
476      $headers = p_get_metadata($ID,"format $mode");
477      $output = p_cached_output(wikiFN($ID,$REV), $mode);
478      break;
479  }
480
481  // prepare event data
482  $data = array();
483  $data['id'] = $ID;
484  $data['mode'] = $mode;
485  $data['headers'] = $headers;
486  $data['output'] =& $output;
487
488  trigger_event('ACTION_EXPORT_POSTPROCESS', $data);
489
490  if(!empty($data['output'])){
491    if(is_array($data['headers'])) foreach($data['headers'] as $key => $val){
492      header("$key: $val");
493    }
494    print $pre.$data['output'].$post;
495    exit;
496  }
497  return 'show';
498}
499
500/**
501 * Handle page 'subscribe', 'unsubscribe'
502 *
503 * @author Steven Danz <steven-danz@kc.rr.com>
504 * @todo   localize
505 */
506function act_subscription($act){
507  global $ID;
508  global $INFO;
509  global $lang;
510
511  $file=metaFN($ID,'.mlist');
512  if ($act=='subscribe' && !$INFO['subscribed']){
513    if ($INFO['userinfo']['mail']){
514      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
515        $INFO['subscribed'] = true;
516        msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
517      } else {
518        msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
519      }
520    } else {
521      msg($lang['subscribe_noaddress']);
522    }
523  } elseif ($act=='unsubscribe' && $INFO['subscribed']){
524    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
525      $INFO['subscribed'] = false;
526      msg(sprintf($lang[$act.'_success'], $INFO['userinfo']['name'], $ID),1);
527    } else {
528      msg(sprintf($lang[$act.'_error'], $INFO['userinfo']['name'], $ID),1);
529    }
530  }
531
532  return 'show';
533}
534
535/**
536 * Handle namespace 'subscribe', 'unsubscribe'
537 *
538 */
539function act_subscriptionns($act){
540  global $ID;
541  global $INFO;
542  global $lang;
543
544  if(!getNS($ID)) {
545    $file = metaFN(getNS($ID),'.mlist');
546    $ns = "root";
547  } else {
548    $file = metaFN(getNS($ID),'/.mlist');
549    $ns = getNS($ID);
550  }
551
552  // reuse strings used to display the status of the subscribe action
553  $act_msg = rtrim($act, 'ns');
554
555  if ($act=='subscribens' && !$INFO['subscribedns']){
556    if ($INFO['userinfo']['mail']){
557      if (io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true)) {
558        $INFO['subscribedns'] = true;
559        msg(sprintf($lang[$act_msg.'_success'], $INFO['userinfo']['name'], $ns),1);
560      } else {
561        msg(sprintf($lang[$act_msg.'_error'], $INFO['userinfo']['name'], $ns),1);
562      }
563    } else {
564      msg($lang['subscribe_noaddress']);
565    }
566  } elseif ($act=='unsubscribens' && $INFO['subscribedns']){
567    if (io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n")) {
568      $INFO['subscribedns'] = false;
569      msg(sprintf($lang[$act_msg.'_success'], $INFO['userinfo']['name'], $ns),1);
570    } else {
571      msg(sprintf($lang[$act_msg.'_error'], $INFO['userinfo']['name'], $ns),1);
572    }
573  }
574
575  return 'show';
576}
577
578//Setup VIM: ex: et ts=2 enc=utf-8 :
579