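<?php

use dokuwiki\plugin\diagrams\Diagrams;

/**
 * Action component of diagrams plugin
 *
 * This handles operations related to mediafile based diagrams
 *
 * All AJAX handlers in this class read their parameters from the request and
 * therefore operate on untrusted input.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author Innovakom + CosmoCode <dokuwiki@cosmocode.de>
 */
class action_plugin_diagrams_mediafile extends DokuWiki_Action_Plugin
{

    /** @var helper_plugin_diagrams */
    protected $helper;

    /** @inheritDoc */
    public function register(Doku_Event_Handler $controller)
    {
        // only register if mediafile mode is enabled
        if (!($this->getConf('mode') & Diagrams::MODE_MEDIA)) return;

        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleEditCheck');
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleNamespaceCheck');
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleIsDiagramCheck');
        $controller->register_hook('MEDIA_SENDFILE', 'BEFORE', $this, 'handleCSP');

        // the handlers above rely on the helper; it is only loaded when they are registered
        $this->helper = plugin_load('helper', 'diagrams');
    }

    /**
     * Check all supplied diagrams and return only editable diagrams
     *
     * Reads a JSON list of media IDs from the 'diagrams' request parameter and
     * prints a JSON list of those IDs that exist, are diagram files and for which
     * the current user has at least upload permission.
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleEditCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_editcheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // json_decode() returns null for malformed input, which the cast turns into an
        // empty list; valid JSON may still carry nested arrays or objects as entries
        $diagrams = (array)json_decode($INPUT->str('diagrams'));

        $editable = [];
        foreach ($diagrams as $image) {
            // only scalar entries can be media IDs; skip nested structures instead of
            // handing them to cleanID()
            if (!is_scalar($image)) continue;

            $image = cleanID((string)$image);
            $file = mediaFN($image);

            if (
                file_exists($file) &&
                auth_quickaclcheck($image) >= AUTH_UPLOAD &&
                $this->helper->isDiagramFile($file)
            ) {
                $editable[] = $image;
            }
        }

        echo json_encode($editable);
    }

    /**
     * Check if the given media ID is a diagram
     *
     * Prints 1 when the media file named by the 'diagram' request parameter is a
     * diagram. Otherwise prints 0 with status 403 (no read permission or not a
     * diagram) or 404 (file does not exist).
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleIsDiagramCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_isdiagramcheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        $id = cleanID($INPUT->str('diagram'));

        // Check read permission before looking at the file system, so the response does
        // not tell a requester whether media they may not read exists or is a diagram.
        if (auth_quickaclcheck($id) < AUTH_READ) {
            http_status(403);
            echo 0;
            return;
        }

        $file = mediaFN($id);
        if (!file_exists($file)) {
            http_status(404);
            echo 0;
            return;
        }

        if (!$this->helper->isDiagramFile($file)) {
            http_status(403);
            echo 0;
            // stop here: falling through would append the success value to the 403 body
            return;
        }

        echo 1;
    }

    /**
     * Check ACL for supplied namespace
     *
     * Prints a JSON boolean telling whether the current user has at least upload
     * permission in the namespace given in the 'ns' request parameter.
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleNamespaceCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_nscheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // NOTE(review): unlike the media IDs in the other handlers, the namespace is not
        // passed through cleanID() before the ACL lookup - confirm this is intended
        $ns = $INPUT->str('ns');

        echo json_encode(auth_quickaclcheck($ns . ':*') >= AUTH_UPLOAD);
    }

    /**
     * Add CSP img-src directive to allow loading images from data source
     *
     * Only applies to SVG files that the helper recognizes as diagrams; the policy
     * of every other media file is left untouched.
     *
     * @param Doku_Event $event MEDIA_SENDFILE
     */
    public function handleCSP(Doku_Event $event)
    {
        if ($event->data['ext'] === 'svg' && $this->helper->isDiagramFile($event->data['file'])) {
            // NOTE(review): CSP keyword sources are written with single quotes ('self');
            // an unquoted self is parsed by browsers as a host name. Confirm whether
            // same-origin images are meant to be allowed in addition to data: URIs.
            $event->data['csp']['img-src'] = "self data:";
            // The sandbox list deliberately carries no allow-scripts token, so scripts in a
            // directly opened SVG stay disabled. Keep it that way: allow-scripts together
            // with allow-same-origin would let the document act with the wiki's origin.
            $event->data['csp']['sandbox'] = "allow-popups allow-top-navigation allow-same-origin";
        }
    }
}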