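<?php

use dokuwiki\plugin\diagrams\Diagrams;

/**
 * Action component of diagrams plugin
 *
 * This handles operations related to mediafile based diagrams
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author Innovakom + CosmoCode <dokuwiki@cosmocode.de>
 */
class action_plugin_diagrams_mediafile extends DokuWiki_Action_Plugin
{

    /** @var helper_plugin_diagrams */
    protected $helper;

    /**
     * Register the AJAX and media hooks, but only when mediafile mode is enabled
     *
     * @inheritDoc
     */
    public function register(Doku_Event_Handler $controller)
    {
        // 'mode' is a bit field; skip all hooks unless the MODE_MEDIA bit is set
        if (!($this->getConf('mode') & Diagrams::MODE_MEDIA)) return;

        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleEditCheck');
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleNamespaceCheck');
        $controller->register_hook('MEDIA_SENDFILE', 'BEFORE', $this, 'handleCSP');

        // the handlers below call $this->helper->isDiagramFile()
        $this->helper = plugin_load('helper', 'diagrams');
    }

    /**
     * Check all supplied diagrams and return only editable diagrams
     *
     * Reads the request parameter 'diagrams' (a JSON encoded list of media IDs)
     * and prints a JSON array holding the cleaned IDs that exist on disk, for
     * which the current user has at least AUTH_UPLOAD, and which the helper
     * recognises as diagram files.
     *
     * NOTE(review): the answer is only a hint for the client; whatever endpoint
     * actually stores a diagram has to enforce the ACL itself (not visible here).
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleEditCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_editcheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // invalid JSON decodes to null, which the cast turns into an empty list
        $diagrams = (array)json_decode($INPUT->str('diagrams'));

        $editable = [];
        foreach ($diagrams as $image) {
            // The list is client supplied: nested arrays or objects are not
            // media IDs and must not reach cleanID()/mediaFN(), so skip them.
            if (!is_scalar($image)) continue;

            $image = cleanID((string)$image);
            $file = mediaFN($image);

            if (
                file_exists($file) &&
                auth_quickaclcheck($image) >= AUTH_UPLOAD &&
                $this->helper->isDiagramFile($file)
            ) {
                $editable[] = $image;
            }
        }

        echo json_encode($editable);
    }

    /**
     * Check ACL for supplied namespace
     *
     * Prints JSON true when the current user has at least AUTH_UPLOAD on the
     * namespace given in the request parameter 'ns', JSON false otherwise.
     *
     * @param Doku_Event $event AJAX_CALL_UNKNOWN
     */
    public function handleNamespaceCheck(Doku_Event $event)
    {
        if ($event->data !== 'plugin_diagrams_mediafile_nscheck') return;
        $event->preventDefault();
        $event->stopPropagation();

        global $INPUT;
        // NOTE(review): unlike handleEditCheck(), the value is not passed through
        // cleanID() before the ACL lookup. If the namespace is normalised when a
        // file is stored, this answer may describe a different namespace than the
        // one written to - confirm against the upload path.
        $ns = $INPUT->str('ns');

        echo json_encode(auth_quickaclcheck($ns . ':*') >= AUTH_UPLOAD);
    }

    /**
     * Add CSP img-src directive to allow loading images from data source
     *
     * Only applies to files with the 'svg' extension that the helper recognises
     * as diagrams; the policy of every other media file is left untouched.
     *
     * @param Doku_Event $event MEDIA_SENDFILE
     */
    public function handleCSP(Doku_Event $event)
    {
        if ($event->data['ext'] === 'svg' && $this->helper->isDiagramFile($event->data['file'])) {
            // NOTE(review): CSP keyword sources are written with single quotes
            // ('self'). An unquoted self is read by browsers as a host name, so
            // unless the code emitting the header rewrites this value, data: is
            // the only source effectively allowed. Confirm the intent before
            // changing it, since quoting it widens the policy.
            $event->data['csp']['img-src'] = "self data:";
            // allow-scripts is not listed, so the sandbox keeps script execution
            // disabled when the SVG is opened directly. Keep it that way:
            // combining allow-scripts with allow-same-origin would let content in
            // an uploaded file act with the wiki's origin.
            $event->data['csp']['sandbox'] = "allow-popups allow-top-navigation allow-same-origin";
        }
    }
}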