1<?php 2 3use dokuwiki\Extension\ActionPlugin; 4use dokuwiki\Extension\Event; 5use dokuwiki\Extension\EventHandler; 6use dokuwiki\plugin\extension\Extension; 7use dokuwiki\plugin\extension\GuiExtension; 8 9/** DokuWiki Plugin extension (Action Component) 10 * 11 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 12 * @author Andreas Gohr <andi@splitbrain.org> 13 */ 14class action_plugin_extension extends ActionPlugin 15{ 16 /** 17 * Registers a callback function for a given event 18 * 19 * @param EventHandler $controller DokuWiki's event controller object 20 * @return void 21 */ 22 public function register(EventHandler $controller) 23 { 24 $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjaxToggle'); 25 } 26 27 /** 28 * Toggle an extension via AJAX 29 * 30 * Returns the new HTML for the extension 31 * 32 * @param Event $event 33 * @param $param 34 */ 35 public function handleAjaxToggle(Event $event, $param) 36 { 37 global $INPUT; 38 39 if ($event->data != 'plugin_extension') return; 40 $event->preventDefault(); 41 $event->stopPropagation(); 42 43 /** @var admin_plugin_extension $admin */ 44 $admin = plugin_load('admin', 'extension'); 45 if (!$admin->isAccessibleByCurrentUser()) { 46 http_status(403); 47 echo 'Forbidden'; 48 exit; 49 } 50 51 $ext = $INPUT->str('ext'); 52 if (!$ext) { 53 http_status(400); 54 echo 'no extension given'; 55 return; 56 } 57 58 if (getSecurityToken() != $INPUT->str('sectok')) { 59 http_status(403); 60 echo 'Security Token did not match. Possible CSRF attack.'; 61 return; 62 } 63 64 try { 65 $extension = Extension::createFromId($ext); 66 $extension->toggle(); 67 } catch (Exception $e) { 68 http_status(500); 69 echo $e->getMessage(); 70 return; 71 } 72 73 header('Content-Type: text/html; charset=utf-8'); 74 echo (new GuiExtension($extension))->render(); 75 } 76} 77