1<?php
2/*
3 *
4 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
5 * @author     Jason Grout <jason-doku@creativetrax.com>>
6 *
7 * Modifications by Sergio (1 Apr 2007), an unidentified author,
8 * and  Niko Paltzer (15 Jan 2010).
9 *
10 *  brought up-to-date with current Dokuwiki Event changes
11 *  and event handling by Myron Turner (April 7 2011);
12 *  new security features (September 2 2011)
13 *  turnermm02@shaw.ca
14 */
15
16// must be run within Dokuwiki
17if(!defined('DOKU_INC')) die();
18
19if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
20require_once(DOKU_PLUGIN.'action.php');
21require_once(DOKU_INC.'inc/init.php');
22
23class action_plugin_newpagetemplate extends DokuWiki_Action_Plugin {
24   var $done = false;
25   var $allow = true;
26  /**
27   * return some info
28   */
29  function getInfo(){
30    return array(
31      'author' => 'Jason Grout, Myron Turner',
32      'email'  => 'jason-doku@creativetrax.com',
33      'date'   => '2007-02-24',
34      'name'   => 'newpagetemplate',
35      'desc'   => 'Loads into the new page creation box a template specified in the $_REQUEST "newpagetemplate" parameter (i.e., can be passed in the URL or as a form value).',
36      'url'    => '',
37    );
38  }
39
40  /**
41   * register the eventhandlers
42   *  Modified by
43   *  @author Myron Turner
44   *  turnermm02@shaw.ca
45   */
46  function register(Doku_Event_Handler $contr){
47
48    $contr->register_hook('COMMON_PAGE_FROMTEMPLATE', 'BEFORE', $this, 'pagefromtemplate', array());
49    $contr->register_hook('COMMON_PAGETPL_LOAD', 'BEFORE', $this, 'pagefromtemplate', array());
50	$contr->register_hook('DOKUWIKI_STARTED', 'AFTER', $this, 'check_acl', array());
51	$contr->register_hook('TPL_CONTENT_DISPLAY', 'BEFORE', $this, 'write_msg', array());
52	$contr->register_hook('HTML_PAGE_FROMTEMPLATE', 'BEFORE', $this, 'pagefromtemplate', array());
53  }
54
55  /**
56   *  pagefromtemplate
57   *  Modified by
58   *  @author Myron Turner
59   *  turnermm02@shaw.ca
60   */
61
62  function pagefromtemplate(Doku_Event $event, $param) {
63    if($this->done) return;
64    $this->done=true;
65
66    if(strlen(trim($_REQUEST['newpagetemplate']))>0) {
67	if(!$this->allow) {
68	   return ;
69	}
70      global $conf;
71      global $INFO;
72      global $ID;
73
74      $tpl = io_readFile(wikiFN($_REQUEST['newpagetemplate']));
75
76      if($this->getConf('userreplace')) {
77        $stringvars =
78            array_map(function($v) { return explode(",",$v,2);}, explode(';',$_REQUEST['newpagevars']));
79        foreach($stringvars as $value) {
80             $tpl = str_replace(trim($value[0]),hsc(trim($value[1])),$tpl);
81	    }
82     }
83
84      if($this->getConf('standardreplace')) {
85        // replace placeholders
86        $file = noNS($ID);
87        $page = cleanID($file) ;
88        if($this->getConf('prettytitles')) {
89            $title= str_replace('_',' ',$page);
90        }
91       else {
92           $title = $page;
93       }
94         if(class_exists('\dokuwiki\\Utf8\PhpString')) {
95            $ucfirst = '\dokuwiki\Utf8\PhpString::ucfirst';
96            $ucwords = '\dokuwiki\\Utf8\PhpString::ucwords';
97            $ucupper = '\dokuwiki\\Utf8\PhpString::strtoupper';
98
99        }
100       else {
101            $ucfirst = 'utf8_ucfirst';
102            $ucwords = 'utf8_ucwords';
103            $ucupper = 'utf8_strtoupper';
104
105        }
106
107        $tpl = str_replace(array(
108                              '@ID@',
109                              '@NS@',
110                              '@CURNS@',
111                              '@!CURNS@',
112                              '@!!CURNS@',
113                              '@!CURNS!@',
114                              '@FILE@',
115                              '@!FILE@',
116                              '@!FILE!@',
117                              '@PAGE@',
118                              '@!PAGE@',
119                              '@!!PAGE@',
120                              '@!PAGE!@',
121                              '@USER@',
122                              '@NAME@',
123                              '@MAIL@',
124                              '@DATE@',
125                              '@EVENT@'
126                           ),
127                           array(
128                              $ID,
129                              getNS($ID),
130                              curNS($ID),
131                              $ucfirst(curNS($ID)),
132                              $ucwords(curNS($ID)),
133                              $ucupper(curNS($ID)),
134                              $file,
135                              $ucfirst($file),
136                              $ucupper($file),
137                              $page,
138                              $ucfirst($title),
139                              $ucwords($title),
140                              $ucupper($title),
141                              $_SERVER['REMOTE_USER'],
142                              $INFO['userinfo']['name'],
143                              $INFO['userinfo']['mail'],
144                              $conf['dformat'],
145                              $event->name ,
146                           ), $tpl);
147
148        // we need the callback to work around strftime's char limit
149          $tpl = preg_replace_callback('/%./',function ($m) {return strftime($m[0]); },$tpl);
150      }
151      if($this->getConf('skip_unset_macros')) {
152          $tpl = preg_replace("/@.*?@/ms","",$tpl);
153      }
154	  if($event->name == 'HTML_PAGE_FROMTEMPLATE') {
155	     $event->result=$tpl;
156	  }
157	  else {
158         $event->data['tpl'] = $tpl;
159      }
160      $event->preventDefault();
161    }
162  }
163
164  public function check_acl(Doku_Event $event,$param) {
165      global $INPUT;
166      if (!$INPUT->has('newpagetemplate')) {
167          return;
168      }
169
170      $pq = trim($INPUT->str('newpagetemplate'), ':');
171      if (auth_quickaclcheck($pq) < AUTH_CREATE) {
172          $this->allow = false;
173      }
174   }
175
176  function write_msg (&$event,$param) {
177    if($this->allow) return;
178    global $ID,$INPUT;
179
180    echo"<h1> Permission Denied </h1>";
181    echo "You do not have access to the template  " . htmlentities($INPUT->str('newpagetemplate')) . '</br>';
182	unlock($ID);
183	$event->preventDefault();
184  }
185}
186