1<?php
2/*
3 *
4 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
5 * @author     Jason Grout <jason-doku@creativetrax.com>>
6 *
7 * Modifications by Sergio (1 Apr 2007), an unidentified author,
8 * and  Niko Paltzer (15 Jan 2010).
9 *
10 *  brought up-to-date with current Dokuwiki Event changes
11 *  and event handling by Myron Turner (April 7 2011);
12 *  new security features (September 2 2011)
13 *  turnermm02@shaw.ca
14 */
15
16// must be run within Dokuwiki
17if(!defined('DOKU_INC')) die();
18
19if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
20
21class action_plugin_newpagetemplate extends DokuWiki_Action_Plugin {
22   var $done = false;
23   var $allow = true;
24  /**
25   * return some info
26   */
27  function getInfo(){
28    return array(
29      'author' => 'Jason Grout, Myron Turner',
30      'email'  => 'jason-doku@creativetrax.com',
31      'date'   => '2007-02-24',
32      'name'   => 'newpagetemplate',
33      'desc'   => 'Loads into the new page creation box a template specified in the $_REQUEST "newpagetemplate" parameter (i.e., can be passed in the URL or as a form value).',
34      'url'    => '',
35    );
36  }
37
38  /**
39   * register the eventhandlers
40   *  Modified by
41   *  @author Myron Turner
42   *  turnermm02@shaw.ca
43   */
44  function register(Doku_Event_Handler $contr){
45
46    $contr->register_hook('COMMON_PAGE_FROMTEMPLATE', 'BEFORE', $this, 'pagefromtemplate', array());
47    $contr->register_hook('COMMON_PAGETPL_LOAD', 'BEFORE', $this, 'pagefromtemplate', array());
48    $contr->register_hook('DOKUWIKI_STARTED', 'AFTER', $this, 'check_acl', array());
49    $contr->register_hook('TPL_CONTENT_DISPLAY', 'BEFORE', $this, 'write_msg', array());
50    $contr->register_hook('HTML_PAGE_FROMTEMPLATE', 'BEFORE', $this, 'pagefromtemplate', array());
51  }
52
53  /**
54   *  pagefromtemplate
55   *  Modified by
56   *  @author Myron Turner
57   *  turnermm02@shaw.ca
58   */
59
60  function pagefromtemplate(Doku_Event $event, $param) {
61    if($this->done) return;
62    $this->done=true;
63
64    global $INPUT;
65    $template = trim($INPUT->str('newpagetemplate'));
66
67    if(!empty($template)) {
68      if(!$this->allow) {
69         return;
70      }
71      global $conf;
72      global $INFO;
73      global $ID;
74
75      $tpl = io_readFile(wikiFN($template));
76
77      if($this->getConf('userreplace')) {
78        $stringvars = array_map(
79            function($v) {
80                return sexplode(',', $v, 2, '');
81            },
82            explode(';', $INPUT->str('newpagevars'))
83        );
84        foreach($stringvars as $value) {
85             $tpl = str_replace(trim($value[0]),hsc(trim($value[1])),$tpl);
86        }
87      }
88
89      if($this->getConf('standardreplace')) {
90        // replace placeholders
91        $file = noNS($ID);
92        $page = cleanID($file) ;
93        if($this->getConf('prettytitles')) {
94          $title= str_replace('_',' ',$page);
95        }
96        else {
97          $title = $page;
98        }
99
100        if(class_exists('\dokuwiki\\Utf8\PhpString')) {
101          $ucfirst = '\dokuwiki\Utf8\PhpString::ucfirst';
102          $ucwords = '\dokuwiki\\Utf8\PhpString::ucwords';
103          $ucupper = '\dokuwiki\\Utf8\PhpString::strtoupper';
104        }
105        else {
106          $ucfirst = 'utf8_ucfirst';
107          $ucwords = 'utf8_ucwords';
108          $ucupper = 'utf8_strtoupper';
109        }
110
111        $tpl = str_replace(array(
112                              '@ID@',
113                              '@NS@',
114                              '@CURNS@',
115                              '@!CURNS@',
116                              '@!!CURNS@',
117                              '@!CURNS!@',
118                              '@FILE@',
119                              '@!FILE@',
120                              '@!FILE!@',
121                              '@PAGE@',
122                              '@!PAGE@',
123                              '@!!PAGE@',
124                              '@!PAGE!@',
125                              '@USER@',
126                              '@NAME@',
127                              '@MAIL@',
128                              '@DATE@',
129                              '@EVENT@'
130                           ),
131                           array(
132                              $ID,
133                              getNS($ID),
134                              curNS($ID),
135                              $ucfirst(curNS($ID)),
136                              $ucwords(curNS($ID)),
137                              $ucupper(curNS($ID)),
138                              $file,
139                              $ucfirst($file),
140                              $ucupper($file),
141                              $page,
142                              $ucfirst($title),
143                              $ucwords($title),
144                              $ucupper($title),
145                              $_SERVER['REMOTE_USER'],
146                              $INFO['userinfo']['name'],
147                              $INFO['userinfo']['mail'],
148                              $conf['dformat'],
149                              $event->name ,
150                           ),
151                           $tpl
152        );
153
154        // we need the callback to work around strftime's char limit
155        $tpl = preg_replace_callback('/%./',
156            function ($m) {
157              return strftime($m[0]);
158            },
159            $tpl
160        );
161      }
162      if($this->getConf('skip_unset_macros')) {
163        $tpl = preg_replace("/@.*?@/ms","",$tpl);
164      }
165      if($event->name == 'HTML_PAGE_FROMTEMPLATE') {
166        $event->result=$tpl;
167      }
168      else {
169        $event->data['tpl'] = $tpl;
170      }
171      $event->preventDefault();
172    }
173  }
174
175  public function check_acl(Doku_Event $event,$param) {
176      global $INPUT;
177      if (!$INPUT->has('newpagetemplate')) {
178          return;
179      }
180
181      $pq = trim($INPUT->str('newpagetemplate'), ':');
182      if (auth_quickaclcheck($pq) < AUTH_CREATE) {
183          $this->allow = false;
184      }
185   }
186
187  function write_msg (&$event,$param) {
188    if($this->allow) return;
189    global $ID,$INPUT;
190
191    echo"<h1> Permission Denied </h1>";
192    echo "You do not have access to the template  " . htmlentities($INPUT->str('newpagetemplate')) . '</br>';
193    unlock($ID);
194    $event->preventDefault();
195  }
196}
197