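<?php
/**
 * DokuWiki Actions
 *
 * Sanitizes the requested action, runs the matching handlers and the
 * permission check, and finally hands over to the main template.
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

  if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
  require_once(DOKU_INC.'inc/template.php');


/**
 * Call the needed action handlers
 *
 * Works on the global $ACT: it is sanitized first and then passed from one
 * handler to the next, each of which may replace it with a follow-up action.
 * The main template is included at the end to produce the output.
 *
 * The order of the calls matters for access control: act_auth() and
 * act_track() run before act_permcheck(); save, edit, export and admin
 * handling run after it.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 */
function act_dispatch(){
  global $INFO;
  global $ACT;
  global $ID;
  global $QUERY;
  global $lang;
  global $conf;

  //sanitize $ACT - everything below relies on it being a known command
  $ACT = act_clean($ACT);

  //check if searchword was given - else just show
  if($ACT == 'search' && empty($QUERY)){
    $ACT = 'show';
  }

  //login stuff
  if(in_array($ACT,array('login','logout')))
    $ACT = act_auth($ACT);

  //check if user is asking to track a page
  //NOTE(review): this changes the tracking list before act_permcheck() has
  //been evaluated for the page - confirm that the code sending the
  //notifications re-checks read permission, or move this below the check
  if($ACT == 'track' || $ACT == 'ignore')
    $ACT = act_track($ACT);

  //check permissions
  $ACT = act_permcheck($ACT);

  //register
  if($ACT == 'register' && register()){
    $ACT = 'login';
  }

  //save
  if($ACT == 'save')
    $ACT = act_save($ACT);

  //edit
  if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
    $ACT = act_edit($ACT);
  }else{
    unlock($ID); //try to unlock
  }

  //handle export
  if(substr($ACT,0,7) == 'export_')
    $ACT = act_export($ACT);

  //display some infos
  if($ACT == 'check'){
    check();
    $ACT = 'show';
  }

  //handle admin tasks
  //only reached with 'admin' when act_permcheck() granted AUTH_ADMIN
  if($ACT == 'admin'){
    //'page' is optional in the request - do not read it when missing
    if(isset($_REQUEST['page']) && $_REQUEST['page'] === 'acl'){
      require_once(DOKU_INC.'inc/admin_acl.php');
      admin_acl_handler();
    }
  }

  //call template FIXME: all needed vars available?
  header('Content-Type: text/html; charset=utf-8');
  include(template('main.php'));
  // output for the commands is now handled in inc/templates.php
  // in function tpl_content()
}

/**
 * Sanitize the action command
 *
 * Maps the localized form buttons to their commands, reduces the value to
 * the characters a-z and '_' and accepts only commands from the list below
 * or commands starting with 'export_'. Anything else is reported and
 * replaced by 'show'.
 *
 * Add all allowed commands here.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  mixed  $act the requested action (untrusted)
 * @return string the cleaned action
 */
function act_clean($act){
  global $lang;

  //a non-string value (e.g. an array from the request) is never a valid
  //command - let it take the normal rejection path below
  if(!is_string($act)) $act = '';

  //handle localized buttons
  if($act == $lang['btn_save']) $act = 'save';
  if($act == $lang['btn_preview']) $act = 'preview';
  if($act == $lang['btn_cancel']) $act = 'show';

  //remove all bad chars
  $act = strtolower($act);
  $act = preg_replace('/[^a-z_]+/','',$act);

  if($act == 'export_html') $act = 'export_xhtml';

  //whitelist - the export_ prefix is open ended, the part after it is
  //used as renderer mode in act_export()
  $allowed = array('login','logout','register','save','edit',
                   'preview','search','show','check','index','revisions',
                   'diff','recent','backlink','admin','track','ignore',);
  if(!in_array($act,$allowed,true)
     && substr($act,0,7) != 'export_' ) {
    msg('Unknown command: '.htmlspecialchars($act),-1);
    return 'show';
  }
  return $act;
}

/**
 * Run permissionchecks
 *
 * Determines the permission level the action needs and compares it with
 * $INFO['perm']. Actions not listed explicitly need AUTH_READ.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the action to check
 * @return string the unchanged action, or 'denied'
 */
function act_permcheck($act){
  global $INFO;
  global $conf;

  if(in_array($act,array('save','preview','edit'))){
    if($INFO['exists']){
      if($act == 'edit'){
        //the edit function will check again and do a source show
        //when no AUTH_EDIT available
        $permneed = AUTH_READ;
      }else{
        $permneed = AUTH_EDIT;
      }
    }else{
      //page does not exist yet
      $permneed = AUTH_CREATE;
    }
  }elseif(in_array($act,array('login','search','recent'))){
    $permneed = AUTH_NONE;
  }elseif($act == 'register'){
    //self registration is open to everybody only when configured
    if ($conf['openregister']){
      $permneed = AUTH_NONE;
    }else{
      $permneed = AUTH_ADMIN;
    }
  }elseif($act == 'admin'){
    $permneed = AUTH_ADMIN;
  }else{
    $permneed = AUTH_READ;
  }
  if($INFO['perm'] >= $permneed) return $act;

  return 'denied';
}

/**
 * Handle 'save'
 *
 * Checks for spam and conflicts and saves the page.
 * Does a redirect to show the page afterwards or
 * returns a new action.
 *
 * Permissions have been checked by act_permcheck() before act_dispatch()
 * calls this.
 * NOTE(review): no anti-CSRF token is checked here or in act_dispatch() -
 * confirm that the request origin is verified elsewhere.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the current action ('save')
 * @return string 'wordblock' or 'conflict'; does not return after a save
 */
function act_save($act){
  global $ID;
  global $DATE;
  global $PRE;
  global $TEXT;
  global $SUF;
  global $SUM;

  //spam check
  if(checkwordblock())
    return 'wordblock';
  //conflict check //FIXME use INFO
  //the page file is newer than the date the edit was based on
  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
    return 'conflict';

  //save it
  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM); //use pretty mode for con
  //unlock it
  unlock($ID);

  //show it
  //close the session before redirecting, then stop so nothing else is sent
  session_write_close();
  header("Location: ".wl($ID,'',true));
  exit();
}

/**
 * Handle 'login', 'logout'
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act 'login' or 'logout'
 * @return string 'show' when already logged in, 'login' after a logout,
 *                else the unchanged action
 */
function act_auth($act){
  global $ID;

  //REMOTE_USER is not set for anonymous requests
  $user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;

  //already logged in?
  if($user && $act=='login')
    return 'show';

  //handle logout
  if($act=='logout'){
    $lockedby = checklock($ID); //page still locked?
    if($lockedby == $user)
      unlock($ID); //try to unlock

    auth_logoff();
    return 'login';
  }

  return $act;
}

/**
 * Handle 'edit', 'preview'
 *
 * Locks the page for the current user unless checklock() reports a lock.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act 'edit' or 'preview'
 * @return string 'locked' when checklock() reports a lock, else the
 *                unchanged action
 */
function act_edit($act){
  global $ID;

  //check if locked by anyone - if not lock for my self
  $lockedby = checklock($ID);
  if($lockedby) return 'locked';

  lock($ID);
  return $act;
}

/**
 * Handle 'export_*'
 *
 * Prints the page in the requested format and exits. act_dispatch() calls
 * this after act_permcheck(), where export actions need AUTH_READ.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the export action, 'export_' followed by the mode
 * @return string 'show' when the renderer returned null for the mode
 */
function act_export($act){
  global $ID;
  global $REV;

  // no renderer for this
  if($act == 'export_raw'){
    header('Content-Type: text/plain; charset=utf-8');
    print rawWiki($ID,$REV);
    exit;
  }

  // html export #FIXME what about the template's style?
  if($act == 'export_xhtml'){
    header('Content-Type: text/html; charset=utf-8');
    ptln('<html>');
    ptln('<head>');
    tpl_metaheaders();
    ptln('</head>');
    ptln('<body>');
    print p_wiki_xhtml($ID,$REV,false);
    ptln('</body>');
    ptln('</html>');
    exit;
  }

  // try to run renderer #FIXME use cached instructions
  // the mode can only consist of a-z and '_' after act_clean()
  // $info is not set before the call - presumably p_render() fills it by
  // reference, confirm against its signature
  // NOTE(review): no Content-Type is sent on this path; unless the renderer
  // sets one, PHP's default applies to whatever it returns
  $mode = substr($act,7);
  $text = p_render($mode,p_get_instructions(rawWiki($ID,$REV)),$info);
  if(!is_null($text)){
    print $text;
    exit;
  }



  return 'show';
}

/**
 * Handle 'track', 'ignore'
 *
 * Adds the current user to, or removes them from, the tracking list of the
 * page and reports the result through msg(). The user name and page id are
 * escaped before they go into a message, as act_clean() does for its own.
 *
 * @author Steven Danz <steven-danz@kc.rr.com>
 *
 * @param  string $act 'track' or 'ignore'
 * @return string always 'show'
 */
function act_track($act){
  global $ID;
  global $INFO;

  //REMOTE_USER is not set for anonymous requests
  $user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;

  //values shown in messages
  $name = htmlspecialchars(isset($INFO['userinfo']['name']) ? $INFO['userinfo']['name'] : '');
  $page = htmlspecialchars($ID);

  $tracking = tracking($ID, $user);
  $file=wikiMN($ID);
  if ($act=='track' && !$tracking){
    //notifications need an address to go to
    if (!empty($INFO['userinfo']['mail'])){
      if (io_appendFile($file,$user."\n")) {
        msg('Added '.$name.' to tracking list for '.$page,0);
      } else {
        //failures use level -1 like the other error messages in this file
        msg('Error adding '.$name.' to tracking list for '.$page,-1);
      }
    } else {
      msg('There is no address associated with your login, you cannot be added to the tracking list',-1);
    }
  } elseif ($act=='ignore' && $tracking){
    if (io_deleteFromFile($file,$user."\n")) {
      msg('Removed '.$name.' from the tracking list for '.$page,0);
    } else {
      msg('Error removing '.$name.' from the tracking list for '.$page,-1);
    }
  }

  return 'show';
}


//Setup VIM: ex: et ts=2 enc=utf-8 :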