xref: /dokuwiki/inc/actions.php (revision b6912aeac771ef294377b8af071d28f6acfa7050)
1<?php
2/**
3 * DokuWiki Actions
4 *
5 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
6 * @author     Andreas Gohr <andi@splitbrain.org>
7 */
8
9  if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
10  require_once(DOKU_INC.'inc/template.php');
11
12
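/**
 * Call the needed action handlers
 *
 * Cleans the requested action in $ACT, runs the handler that belongs to it
 * (a handler may replace $ACT with a follow-up action) and finally includes
 * the main template, which renders the output for the resulting $ACT.
 *
 * Order matters for access control: act_clean() reduces $ACT to a known
 * command before anything else looks at it, and act_permcheck() runs before
 * the 'register', 'save', 'edit'/'preview', 'export_*', 'check' and 'admin'
 * branches. The login/logout and (un)subscribe handlers run before it.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 */
function act_dispatch(){
  global $INFO;
  global $ACT;
  global $ID;
  global $QUERY;
  // $lang and $conf are not referenced in this body. The template is
  // include()d below and therefore runs in this function's scope, so these
  // declarations are presumably what makes the globals visible to it.
  global $lang;
  global $conf;

  //sanitize $ACT
  $ACT = act_clean($ACT);

  //check if searchword was given - else just show
  if($ACT == 'search' && empty($QUERY)){
    $ACT = 'show';
  }

  //login stuff
  if(in_array($ACT,array('login','logout'))){
    $ACT = act_auth($ACT);
  }

  //check if user is asking to (un)subscribe a page
  // NOTE(review): this runs before act_permcheck(), so the subscriber list of
  // $ID is changed without the page permission having been checked at this
  // point - confirm that read access is enforced before notifications go out.
  if($ACT == 'subscribe' || $ACT == 'unsubscribe'){
    $ACT = act_subscription($ACT);
  }

  //check permissions
  $ACT = act_permcheck($ACT);

  //register
  if($ACT == 'register' && register()){
    $ACT = 'login';
  }

  //save
  if($ACT == 'save'){
    $ACT = act_save($ACT);
  }

  //edit
  if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
    $ACT = act_edit($ACT);
  }else{
    unlock($ID); //try to unlock
  }

  //handle export
  if(substr($ACT,0,7) == 'export_'){
    $ACT = act_export($ACT);
  }

  //display some infos
  if($ACT == 'check'){
    check();
    $ACT = 'show';
  }

  //handle admin tasks
  if($ACT == 'admin'){
    // The admin plugin name comes straight from the request. Only a plain,
    // non-empty string that exactly matches an installed admin plugin is
    // passed on to the loader; arrays and missing values are ignored.
    $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';
    if(is_string($page) && $page){
      if(in_array($page,plugin_list('admin'),true)){
        // attempt to load the plugin
        $plugin =& plugin_load('admin',$page);
        if($plugin !== NULL){
          $plugin->handle();
        }
      }
    }
  }

  //call template FIXME: all needed vars available?
  header('Content-Type: text/html; charset=utf-8');
  include(template('main.php'));
  // output for the commands is now handled in inc/templates.php
  // in function tpl_content()
}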
96
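/**
 * Sanitize the action command
 *
 * Maps the localized button labels to their commands, lowercases the value,
 * strips every character outside a-z and underscore and then checks the
 * result against the list of known commands. Anything else is reported via
 * msg() and replaced by 'show'.
 *
 * Add all allowed commands here.
 *
 * Commands starting with 'export_' are accepted without being listed; for
 * those the character filter is the only restriction on what follows the
 * prefix.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  mixed  $act the raw action command
 * @return string the cleaned command, 'show' when it is not recognised
 */
function act_clean($act){
  global $lang;

  // Request parameters can arrive as arrays. Anything that is not a plain
  // string is treated as an empty command, so it ends up in the
  // unknown-command branch below instead of being fed to strtolower().
  if(!is_string($act)) $act = '';

  //handle localized buttons (exact match only)
  if($act === $lang['btn_save']) $act = 'save';
  if($act === $lang['btn_preview']) $act = 'preview';
  if($act === $lang['btn_cancel']) $act = 'show';

  //remove all bad chars
  $act = strtolower($act);
  $act = preg_replace('/[^a-z_]+/','',$act);

  if($act === 'export_html') $act = 'export_xhtml';

  $known = array('login','logout','register','save','edit',
                 'preview','search','show','check','index','revisions',
                 'diff','recent','backlink','admin','subscribe',
                 'unsubscribe');

  if(!in_array($act,$known,true) && strncmp($act,'export_',7) !== 0){
    msg('Unknown command: '.htmlspecialchars($act),-1);
    return 'show';
  }
  return $act;
}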
128
/**
 * Run permissionchecks
 *
 * Works out which permission level the action needs and compares it with
 * the current user's level in $INFO['perm'].
 *
 * NOTE(review): 'login', 'search' and 'recent' need no permission at all
 * here, so any per-page filtering of search results and recent changes has
 * to happen where those lists are built - confirm.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the action to check
 * @return string $act when the user's level suffices, otherwise 'denied'
 */
function act_permcheck($act){
  global $INFO;
  global $conf;

  switch($act){
    case 'save':
    case 'preview':
    case 'edit':
      if(!$INFO['exists']){
        // the page does not exist yet
        $required = AUTH_CREATE;
      }elseif($act == 'edit'){
        //the edit function will check again and do a source show
        //when no AUTH_EDIT available
        $required = AUTH_READ;
      }else{
        $required = AUTH_EDIT;
      }
      break;

    case 'login':
    case 'search':
    case 'recent':
      $required = AUTH_NONE;
      break;

    case 'register':
      // closed registration: only an admin may register accounts
      $required = $conf['openregister'] ? AUTH_NONE : AUTH_ADMIN;
      break;

    case 'admin':
      $required = AUTH_ADMIN;
      break;

    default:
      // everything else needs at least read access
      $required = AUTH_READ;
  }

  return ($INFO['perm'] >= $required) ? $act : 'denied';
}
167
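/**
 * Handle 'save'
 *
 * Checks for spam and conflicts and saves the page.
 * Does a redirect to show the page afterwards or
 * returns a new action.
 *
 * NOTE(review): nothing in this function ties the request to a form that
 * was issued to the current user - confirm that a per-session token is
 * verified somewhere before a save is accepted.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the current action (not used in the body)
 * @return string 'wordblock' or 'conflict' when the save is refused;
 *                after a successful save the request ends with a redirect
 */
function act_save($act){
  global $ID;
  global $DATE;
  global $PRE;
  global $TEXT;
  global $SUF;
  global $SUM;

  //spam check
  if(checkwordblock()){
    return 'wordblock';
  }

  //conflict check //FIXME use INFO
  // filemtime() is silenced deliberately; when it fails the comparison is
  // false and no conflict is reported (presumably the new-page case).
  if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE){
    return 'conflict';
  }

  // 'minor' is an optional request field; read it without raising a notice
  // when the form did not send it
  $minor = isset($_REQUEST['minor']) ? $_REQUEST['minor'] : null;

  //save it
  saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$minor); //use pretty mode for con
  //unlock it
  unlock($ID);

  //show it
  // close the session before redirecting so the data is written out
  session_write_close();
  header("Location: ".wl($ID,'',true));
  exit();
}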
202
/**
 * Handle 'login', 'logout'
 *
 * A 'login' request from an already authenticated user becomes 'show'.
 * A 'logout' request releases the lock on the current page, logs the user
 * off, rebuilds $INFO and continues with 'login'. Any other action is
 * returned unchanged.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the current action
 * @return string the action to continue with
 */
function act_auth($act){
  global $ID;
  global $INFO;

  //already logged in?
  if($_SERVER['REMOTE_USER'] && $act == 'login'){
    return 'show';
  }

  // nothing to do unless this is a logout
  if($act != 'logout'){
    return $act;
  }

  // page still locked? then try to unlock it
  // NOTE(review): this is a loose comparison - if checklock() reports "not
  // locked" with a falsy value and no user is logged in, both sides compare
  // equal and unlock() is still called. Confirm unlock() is safe then.
  $owner = checklock($ID);
  if($owner == $_SERVER['REMOTE_USER']){
    unlock($ID);
  }

  // do the logout stuff
  auth_logoff();

  // rebuild info array, the old one still describes the logged-in user
  $INFO = pageinfo();

  return 'login';
}
233
/**
 * Handle 'edit', 'preview'
 *
 * Returns 'locked' when checklock() reports a lock on the page; otherwise
 * locks the page and lets the action continue.
 *
 * NOTE(review): the check and the lock are two separate calls, so two
 * requests arriving together could both pass the check - confirm that
 * lock() itself copes with that.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the current action
 * @return string 'locked', or $act unchanged once the lock is taken
 */
function act_edit($act){
  global $ID;

  // somebody holds a lock on this page
  if(checklock($ID)){
    return 'locked';
  }

  // nobody does, take the lock ourselves
  lock($ID);
  return $act;
}
249
/**
 * Handle 'export_*'
 *
 * Prints the page $ID (revision $REV) in the requested export format and
 * ends the request. 'export_raw' sends the wiki source as plain text,
 * 'export_xhtml' sends the rendered page inside a minimal HTML document,
 * and every other 'export_<mode>' hands <mode> to p_render().
 *
 * The mode is cut out of $act without any further check in this function.
 * NOTE(review): act_clean() in this file limits commands to a-z and
 * underscore; any caller that skips it must apply the same restriction -
 * confirm p_render() refuses modes it does not know.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
 *
 * @param  string $act the export action
 * @return string 'show' when p_render() returned null; in every other
 *                case the output is printed and the request ends here
 */
function act_export($act){
  global $ID;
  global $REV;

  // no renderer for this
  if($act == 'export_raw'){
    header('Content-Type: text/plain; charset=utf-8');
    echo rawWiki($ID,$REV);
    exit();
  }

  // html export #FIXME what about the template's style?
  if($act == 'export_xhtml'){
    header('Content-Type: text/html; charset=utf-8');
    ptln('<html>');
    ptln('<head>');
    tpl_metaheaders();
    ptln('</head>');
    ptln('<body>');
    echo p_wiki_xhtml($ID,$REV,false);
    ptln('</body>');
    ptln('</html>');
    exit();
  }

  // try to run renderer #FIXME use cached instructions
  // everything after the 'export_' prefix names the render mode
  $mode = substr($act,7);
  $instructions = p_get_instructions(rawWiki($ID,$REV));
  $text = p_render($mode,$instructions,$info);
  if($text !== null){
    echo $text;
    exit();
  }

  // nothing was rendered, fall back to showing the page
  return 'show';
}
292
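/**
 * Handle 'subscribe', 'unsubscribe'
 *
 * Adds the current user to, or removes the user from, the page's '.mlist'
 * meta file and reports the outcome through msg(). Subscribing needs a mail
 * address in $INFO['userinfo']. Requests that would not change anything
 * (already subscribed, or not subscribed) are ignored silently.
 *
 * Failures are reported with level -1, the level act_clean() in this file
 * uses for its error message; success keeps level 1.
 *
 * @author Steven Danz <steven-danz@kc.rr.com>
 * @todo   localize
 *
 * @param  string $act 'subscribe' or 'unsubscribe'
 * @return string always 'show'
 */
function act_subscription($act){
  global $ID;
  global $INFO;
  global $lang;

  $file = metaFN($ID,'.mlist');

  if($act == 'subscribe' && !$INFO['subscribed']){
    if(!$INFO['userinfo']['mail']){
      // no address to send notifications to
      msg($lang['subscribe_noaddress']);
      return 'show';
    }
    $ok = io_saveFile($file,$_SERVER['REMOTE_USER']."\n",true);
    if($ok) $INFO['subscribed'] = true;
  }elseif($act == 'unsubscribe' && $INFO['subscribed']){
    $ok = io_deleteFromFile($file,$_SERVER['REMOTE_USER']."\n");
    if($ok) $INFO['subscribed'] = false;
  }else{
    // nothing to change
    return 'show';
  }

  // The display name comes from the user's profile, so it is escaped before
  // it is put into the message, the same way act_clean() escapes its value
  // before calling msg().
  // NOTE(review): assumes msg() prints its text as HTML without escaping it
  // again - confirm.
  $name = htmlspecialchars($INFO['userinfo']['name']);
  $page = htmlspecialchars($ID);

  if($ok){
    msg(sprintf($lang[$act.'_success'],$name,$page),1);
  }else{
    msg(sprintf($lang[$act.'_error'],$name,$page),-1);
  }

  return 'show';
}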
327
328
329//Setup VIM: ex: et ts=2 enc=utf-8 :
330