xref: /plugin/diagrams/action/embed.php (revision 8c8c70074e1156a58dbfd89fe9e41e3dd346fb54) 
1<?php
2/**
3 * DokuWiki Plugin diagrams (Action Component)
4 *
5 * This handles loading and saving embedded diagrams
6 *
7 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
8 * @author  Innovakom + CosmoCode <dokuwiki@cosmocode.de>
9 */
10class action_plugin_diagrams_embed extends \dokuwiki\Extension\ActionPlugin
11{
12
13    /** @inheritDoc */
14    public function register(Doku_Event_Handler $controller)
15    {
16        // FIXME only register this when enabled in config
17        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleLoad');
18    }
19
20    /**
21     * Load the SVG for an embedded diagram
22     *
23     * This locks the page for editing
24     *
25     * @see https://www.dokuwiki.org/devel:events:AJAX_CALL_UNKNOWN
26     * @param Doku_Event $event Event object
27     * @param mixed $param optional parameter passed when event was registered
28     * @return void
29     */
30    public function handleLoad(Doku_Event $event, $param) {
31        if($event->data !== 'plugin_diagrams_embed_load') return;
32        $event->preventDefault();
33        $event->stopPropagation();
34
35        global $INPUT;
36
37        $id = $INPUT->str('id');
38        $pos = $INPUT->int('pos');
39        $len = $INPUT->int('len');
40
41        if(auth_quickaclcheck($id) < AUTH_READ) { // FIXME should we check for EDIT perms on read as well?
42            http_status(403);
43            return;
44        }
45
46        if(!page_exists($id)) {
47            http_status(404);
48            return;
49        }
50
51        if(checklock($id)) {
52            http_status(423, 'Page Locked');
53            return;
54        }
55        lock($id); // FIXME we probably need some periodic lock renewal while editing?
56
57        header('Content-Type: image/svg+xml');
58        $svg = rawWiki($id);
59        echo substr($svg, $pos, $len);
60    }
61
62    /**
63     * Save a new embedded diagram
64     *
65     * @see https://www.dokuwiki.org/devel:events:AJAX_CALL_UNKNOWN
66     * @param Doku_Event $event Event object
67     * @param mixed $param optional parameter passed when event was registered
68     * @return void
69     */
70    public function handleSave(Doku_Event $event, $param)
71    {
72        if ($event->data !== 'plugin_diagrams_embed_load') return;
73        $event->preventDefault();
74        $event->stopPropagation();
75
76        global $INPUT;
77
78        $id = $INPUT->str('id');
79        $svg = $INPUT->str('svg'); // FIXME do we want to do any sanity checks on this?
80        $pos = $INPUT->int('pos');
81        $len = $INPUT->int('len');
82
83
84        if(auth_quickaclcheck($id) < AUTH_EDIT) {
85            http_status(403);
86            return;
87        }
88
89        if(!page_exists($id)) {
90            http_status(404);
91            return;
92        }
93
94        if(!checkSecurityToken()) {
95            http_status(403);
96            return;
97        }
98
99        $original = rawWiki($id);
100        $new = substr($original, 0, $pos) . $svg . substr($original, $pos + $len);
101        saveWikiText($id, $new, $this->getLang('embedSaveSummary'));
102        unlock($id);
103        echo 'OK';
104    }
105
106}
107
108