121913ab3SNickeau<?php 221913ab3SNickeau 3*04fd306cSNickeau 428451e1eSgerardnicouse ComboStrap\Identity; 5*04fd306cSNickeauuse ComboStrap\LogUtility; 621913ab3SNickeauuse ComboStrap\PluginUtility; 7*04fd306cSNickeauuse ComboStrap\Tag\WebCodeTag; 8*04fd306cSNickeauuse ComboStrap\XmlTagProcessing; 921913ab3SNickeau 1021913ab3SNickeauif (!defined('DOKU_INC')) die(); 1121913ab3SNickeau 1221913ab3SNickeau/** 1321913ab3SNickeau * 1421913ab3SNickeau */ 1521913ab3SNickeauclass action_plugin_combo_webcode extends DokuWiki_Action_Plugin 1621913ab3SNickeau{ 1721913ab3SNickeau 18531e725cSNickeau 19*04fd306cSNickeau const YOU_DON_T_HAVE_THE_RIGHT = "You don't have the right to save a webcode component."; 2021913ab3SNickeau 2121913ab3SNickeau function register(Doku_Event_Handler $controller) 2221913ab3SNickeau { 2328451e1eSgerardnico 2428451e1eSgerardnico /** 2528451e1eSgerardnico * To enforce security 2628451e1eSgerardnico */ 2728451e1eSgerardnico $controller->register_hook('COMMON_WIKIPAGE_SAVE', 'BEFORE', $this, '_enforceSecurity'); 2828451e1eSgerardnico 2921913ab3SNickeau } 3021913ab3SNickeau 3121913ab3SNickeau 3228451e1eSgerardnico /** 3328451e1eSgerardnico * @param $event Doku_Event https://www.dokuwiki.org/devel:event:common_wikipage_save 3428451e1eSgerardnico * @return void 3528451e1eSgerardnico */ 3628451e1eSgerardnico function _enforceSecurity(Doku_Event &$event) 3728451e1eSgerardnico { 3828451e1eSgerardnico 3928451e1eSgerardnico $data = $event->data; 4028451e1eSgerardnico $text = $data["newContent"]; 41*04fd306cSNickeau $pattern = XmlTagProcessing::getContainerTagPattern(WebCodeTag::TAG); 4228451e1eSgerardnico $result = preg_match("/" . $pattern . "/ms", $text); 4328451e1eSgerardnico if ($result === 0) { 4428451e1eSgerardnico return; 4528451e1eSgerardnico } 4628451e1eSgerardnico 4728451e1eSgerardnico $isAdmin = Identity::isAdmin(); 48*04fd306cSNickeau if ($isAdmin) { 49*04fd306cSNickeau return; 5028451e1eSgerardnico } 5128451e1eSgerardnico 52*04fd306cSNickeau $group = "@" . Identity::CONF_DESIGNER_GROUP_NAME; 53*04fd306cSNickeau $isMember = Identity::isMember($group); 54*04fd306cSNickeau if ($isMember) { 55*04fd306cSNickeau return; 56*04fd306cSNickeau } 57*04fd306cSNickeau 58*04fd306cSNickeau LogUtility::warning(self::YOU_DON_T_HAVE_THE_RIGHT . " You should be admin or part of the ($group) group."); 59*04fd306cSNickeau $event->preventDefault(); 60*04fd306cSNickeau 61*04fd306cSNickeau 6228451e1eSgerardnico } 6321913ab3SNickeau 6421913ab3SNickeau} 65