1<?php
/**
 * AJAX backend for the wysiwyg plugin
 *
 * @author Luke Howson <mail@lukehowson.com>
 * @license     GPL 2 (http://www.gnu.org/licenses/gpl.html)
 */
8
// TODO:
//  - make the getID handling in ajax.php robust
11
// Opera workaround: when an XMLHttpRequest body was not parsed into $_POST,
// rebuild $_POST from the raw request body.
// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in PHP 7.0, so on
// those versions this branch never runs.
// NOTE(review): only $_POST is filled here, while the handlers in this file
// read $_REQUEST — confirm the recovered fields actually reach them.
if (count($_POST) === 0 && !empty($HTTP_RAW_POST_DATA)) {
  parse_str($HTTP_RAW_POST_DATA, $_POST);
}
16
// Locate the DokuWiki root (three directories above this file) unless the
// including script has already defined it.
if (!defined('DOKU_INC')) {
  define('DOKU_INC', realpath(dirname(__FILE__) . '/../../../') . '/');
}

// Core libraries, loaded in the original order (init.php first).
require_once DOKU_INC . 'inc/init.php';
require_once DOKU_INC . 'inc/common.php';
require_once DOKU_INC . 'inc/events.php';
require_once DOKU_INC . 'inc/pageutils.php';
require_once DOKU_INC . 'inc/html.php';
require_once DOKU_INC . 'inc/auth.php';
require_once DOKU_INC . 'inc/actions.php';
require_once DOKU_INC . 'inc/io.php';
require_once DOKU_INC . 'inc/infoutils.php';

if (!defined('DOKU_PLUGIN')) {
  define('DOKU_PLUGIN', DOKU_INC . 'lib/plugins/');
}

// Write the session data and end the session; nothing below writes to it.
session_write_close();
30
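// Dispatch the request to the handler named by the `action` parameter.
// A missing or non-string `action` is treated as "no action" instead of
// raising an undefined-index notice; unknown actions produce no output.
$ajax_indexmenu = new ajax_wysiwyg_plugin;
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
  ? $_REQUEST['action']
  : '';

switch ($action) {
  case 'save':
    $ajax_indexmenu->save();
    break;
  case 'edit':
    $ajax_indexmenu->edit();
    break;
  case 'quit':
    $ajax_indexmenu->quit();
    break;
  case 'checkPerms':
    $ajax_indexmenu->checkPerms();
    break;
}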
45
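/**
 * Request handler for the wysiwyg plugin's AJAX actions.
 *
 * Each public method implements one value of the `action` request parameter
 * and answers with a short plain-text status: "success", "failure",
 * "noperms" or "locked:<holder>".
 *
 * NOTE(review): no action verifies an anti-CSRF token and every parameter is
 * read from $_REQUEST, so the state-changing actions (save, edit, quit) are
 * not bound to a request the editor intended to make. DokuWiki releases that
 * ship checkSecurityToken() should call it before any write; the client
 * script would then have to send the token — confirm and add.
 *
 * @author Luke Howson <mail@lukehowson.com>
 */
class ajax_wysiwyg_plugin {

  // Page text assembled by save() and written out by savePage().
  var $newPage;

  /**
   * Read one request parameter as a string.
   *
   * @param string $key parameter name
   * @return string the value, or '' when it is missing or not a string
   *                (e.g. submitted as an array)
   */
  function _requestString($key) {
    if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key])) {
      return '';
    }
    return $_REQUEST[$key];
  }

  /**
   * ACL level of the current requester for a page.
   *
   * Passes null for the user and/or groups when the request is anonymous,
   * which is what the unguarded array reads evaluated to before.
   *
   * @param string $id page ID
   * @return mixed whatever auth_aclcheck() returns; callers compare it
   *               against AUTH_EDIT
   */
  function _aclLevel($id) {
    global $USERINFO;
    $user   = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;
    $groups = isset($USERINFO['grps']) ? $USERINFO['grps'] : null;
    return auth_aclcheck($id, $user, $groups);
  }

  /**
   * Leave the editor: release the lock on the requested page.
   *
   * Always answers "success".
   */
  function quit() {
    global $ID;
    $ID = cleanID($this->_requestString('id'));
    echo "success";
    // NOTE(review): there is no ACL or ownership check in this method; it
    // relies on unlock() refusing to remove a lock held by someone else —
    // confirm against the installed DokuWiki version.
    unlock($ID);
  }

  /**
   * Store the submitted HTML for the named wysiwyg area in the page.
   *
   * Reads `id`, `name` and `html` from the request. Echoes "success" only
   * when the requester has at least AUTH_EDIT on the page and savePage() did
   * not refuse the write; otherwise echoes "failure".
   */
  function save () {
    global $ID;

    $name = $this->_requestString('name');
    // NOTE(review): PHP has already URL-decoded request parameters, so this
    // is a second decode; presumably the client encodes twice — confirm,
    // otherwise literal '%' and '+' in the content are altered.
    // NOTE(review): the markup is stored as supplied by the client; whatever
    // renders it must sanitise it — confirm in insert_wysiwyg()/the renderer.
    $html = urldecode($this->_requestString('html'));
    $ID   = cleanID($this->_requestString('id'));

    // Authorisation: the ACL level for exactly the page that will be written.
    if ((string)$ID === '' || $this->_aclLevel($ID) < AUTH_EDIT) {
      echo "failure";
      return;
    }

    $this->newPage = io_readFile(wikiFN($ID));
    $this->newPage = hide_wysiwyg($name, $this->newPage);
    $this->newPage = insert_wysiwyg($name, $html, $this->newPage);

    // savePage() returns 'wordblock' or 'conflict' when nothing was written;
    // report that instead of claiming success.
    if ($this->savePage()) {
      echo "failure";
      return;
    }

    header('Content-Type: text/html; charset=utf-8');
    // The reply to a write must not be cached: because parameters come from
    // $_REQUEST a GET is accepted too, and a cached "success" would be
    // replayed without the save happening.
    header('Cache-Control: no-store');
    header('Pragma: no-cache');
    echo "success";
  }

  /**
   * Write $this->newPage to the page named by the global $ID.
   *
   * NOTE(review): $DATE, $PRE, $SUF and $SUM are not assigned anywhere in
   * this file; presumably init.php or the request populates them — confirm,
   * because while $DATE is unset the conflict check below never fires.
   *
   * @return string|null 'wordblock' or 'conflict' when the save was refused,
   *                     null once saveWikiText() has been called
   */
  function savePage () {
    global $ID;
    global $DATE;
    global $PRE;
    global $SUF;
    global $SUM;

    //spam check
    // NOTE(review): called without arguments and the new content is never
    // assigned to a global here; confirm checkwordblock() actually inspects
    // $this->newPage.
    if(checkwordblock())
      return 'wordblock';
    //conflict check //FIXME use INFO
    if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
      return 'conflict';

    //save it
    $minor = isset($_REQUEST['minor']) ? $_REQUEST['minor'] : null;
    saveWikiText($ID,con($PRE,$this->newPage,$SUF,1),$SUM,$minor); //use pretty mode for con
    //unlock it
    unlock($ID);

    //delete draft
    // No action value exists in this scope; null is what the previously
    // undefined variable evaluated to.
    act_draftdel(null);
  }

  /**
   * Start editing: take the page lock for the requester.
   *
   * Echoes "noperms" when the requester lacks AUTH_EDIT on the page,
   * "locked:<holder>" when checklock() reports an existing lock, and
   * "success" when the lock file was written. Nothing is echoed when writing
   * the lock file fails.
   */
  function edit() {
    global $ID;

    // Resolve the page before the permission check so that the ACL is
    // evaluated for the same page that gets locked.
    $ID = getID();
    if ($this->_aclLevel($ID) < AUTH_EDIT) {
      echo "noperms";
      return;
    }

    $lock   = wikiLockFN($ID);
    $locker = checklock($ID);
    if ($locker) {
      echo "locked:".$locker;
      return;
    }

    // The lock records the user name, or the client IP for anonymous users.
    $holder = !empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : clientIP();
    if (io_saveFile($lock, $holder)) {
      echo "success";
    }
  }

  /**
   * Report whether the requester may edit the requested page.
   *
   * Echoes "success" with at least AUTH_EDIT, "noperms" otherwise.
   */
  function checkPerms() {
    global $ID;
    $ID = getID();
    if ($this->_aclLevel($ID) < AUTH_EDIT) {
      echo "noperms";
    }
    else {
      echo "success";
    }
  }
}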
160