xref: /plugin/diagrams/action/mediafile.php (revision 59e7180efcc3e125683f24f98a466ef29145cfce)
15f757686SAndreas Gohr<?php
25f757686SAndreas Gohr
3*59e7180eSAndreas Gohruse dokuwiki\plugin\diagrams\Diagrams;
4*59e7180eSAndreas Gohr
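/**
 * Action component of diagrams plugin
 *
 * This handles operations related to mediafile based diagrams: two AJAX
 * endpoints that answer permission questions for the client, and a hook that
 * adjusts the Content-Security-Policy used when a diagram SVG is sent.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Innovakom + CosmoCode <dokuwiki@cosmocode.de>
 */
class action_plugin_diagrams_mediafile extends DokuWiki_Action_Plugin
{

    /** @var helper_plugin_diagrams */
    protected $helper;

    /** @inheritDoc */
    public function register(Doku_Event_Handler $controller)
    {
        // only register if mediafile mode is enabled (bit test on the configured mode)
        if (!($this->getConf('mode') & Diagrams::MODE_MEDIA)) return;

        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleEditCheck');
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleNamespaceCheck');
        $controller->register_hook('MEDIA_SENDFILE', 'BEFORE', $this, 'handleCSP');

        // the handlers above are the only users of the helper, so it is loaded
        // only when they have actually been registered
        $this->helper = plugin_load('helper', 'diagrams');
    }

    /**
     * Check all supplied diagrams and return only editable diagrams
     *
     * Reads the request parameter "diagrams" (a JSON list of media IDs) and
     * echoes a JSON list holding the cleaned IDs that exist on disk, for which
     * the current user has at least AUTH_UPLOAD, and which the helper
     * recognises as diagram files.
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleEditCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_editcheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // client-controlled JSON; the cast turns a failed decode (null) into an empty list
        $diagrams = (array)json_decode($INPUT->str('diagrams'));

        $editable = [];
        foreach ($diagrams as $image) {
            // the decoded list is untrusted: nested arrays or objects are not
            // media IDs and must not reach the string-based ID functions
            if (!is_string($image)) continue;

            $image = cleanID($image);
            // an ID that cleans to nothing cannot name a media file
            if ($image === '') continue;
            $file = mediaFN($image);

            if (
                file_exists($file) &&
                auth_quickaclcheck($image) >= AUTH_UPLOAD &&
                $this->helper->isDiagramFile($file)
            ) {
                $editable[] = $image;
            }
        }

        echo json_encode($editable);
    }

    /**
     * Check ACL for supplied namespace
     *
     * Reads the request parameter "ns" and echoes a JSON boolean telling
     * whether the current user has at least AUTH_UPLOAD on that namespace.
     *
     * NOTE(review): the answer is only reported to the client; presumably the
     * actual save is ACL-checked again on the server - confirm.
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleNamespaceCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_nscheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // normalise the client-supplied namespace the same way handleEditCheck()
        // normalises media IDs, so the ACL lookup runs on a canonical ID
        $ns = cleanID($INPUT->str('ns'));

        echo json_encode(auth_quickaclcheck($ns . ':*') >= AUTH_UPLOAD);
    }

    /**
     * Add CSP img-src directive to allow loading images from data source
     *
     * Applies only to SVG files that the helper recognises as diagrams; every
     * other media file keeps the policy it arrived with.
     *
     * @param Doku_Event $event MEDIA_SENDFILE
     */
    public function handleCSP(Doku_Event $event)
    {
        if ($event->data['ext'] === 'svg' && $this->helper->isDiagramFile($event->data['file'])) {
            // CSP keyword sources must be single-quoted: an unquoted self is
            // parsed as a host named "self" and does not match the wiki's origin
            $event->data['csp']['img-src'] = "'self' data:";
            // allow-scripts is deliberately not listed, so the sandbox keeps
            // script execution disabled for the served diagram
            $event->data['csp']['sandbox'] = "allow-popups allow-top-navigation allow-same-origin";
        }
    }
}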