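<?php
/**
 * AJAX Backend for wysiwyg
 *
 * Dispatches the request parameter "action" (save, edit, quit, checkPerms)
 * to the matching method of ajax_wysiwyg_plugin and answers with a short
 * plain-text status word.
 *
 * @author     Luke Howson <mail@lukehowson.com>
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 */

// TODO:
// - robust getID in ajax.php

//fix for Opera XMLHttpRequests
// $HTTP_RAW_POST_DATA was removed in PHP 7, so this branch is inert there.
if(!count($_POST) && @$HTTP_RAW_POST_DATA){
    parse_str($HTTP_RAW_POST_DATA, $_POST);
}

if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../../').'/');
require_once(DOKU_INC.'inc/init.php');
require_once(DOKU_INC.'inc/common.php');
require_once(DOKU_INC.'inc/events.php');
require_once(DOKU_INC.'inc/pageutils.php');
require_once(DOKU_INC.'inc/html.php');
require_once(DOKU_INC.'inc/auth.php');
require_once(DOKU_INC.'inc/actions.php');
require_once(DOKU_INC.'inc/io.php');
require_once(DOKU_INC.'inc/infoutils.php');
if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
//close session
session_write_close();

// NOTE(review): save, edit and quit change server state, yet they are
// dispatched from $_REQUEST (so GET works too) and no anti-CSRF token is
// verified anywhere in this file. Confirm whether the client sends DokuWiki's
// security token and check it here (e.g. checkSecurityToken(), if this
// release provides it) before any state-changing action runs.
$ajax_indexmenu = new ajax_wysiwyg_plugin;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($action === 'save') {
    $ajax_indexmenu->save();
} elseif ($action === 'edit') {
    $ajax_indexmenu->edit();
} elseif ($action === 'quit') {
    $ajax_indexmenu->quit();
} elseif ($action === 'checkPerms') {
    $ajax_indexmenu->checkPerms();
}

/**
 * Request handlers for the wysiwyg AJAX endpoint.
 *
 * Every handler reads its input from the request superglobals and writes a
 * status word to the response body instead of returning a value.
 *
 * @author Luke Howson <mail@lukehowson.com>
 */
class ajax_wysiwyg_plugin {

    // Full text of the page being rewritten; filled by save(), written by savePage().
    var $newPage;

    /**
     * Release the edit lock on the requested page.
     *
     * Prints "success" before unlock() runs and ignores unlock()'s result,
     * so the response does not tell the client whether a lock was removed.
     * No ACL check is made here.
     * NOTE(review): presumably unlock() only removes a lock owned by the
     * current user or client IP - verify, since this handler relies on it.
     */
    function quit() {
        global $ID;
        $ID = cleanID($_REQUEST['id']);
        echo "success";
        unlock($ID);
    }

    /**
     * Replace one named wysiwyg section of a page with submitted markup.
     *
     * Reads "id", "name" and "html" from the request. Prints "success" when
     * the page was written and "failure" when the caller lacks AUTH_EDIT on
     * the page or when savePage() refused the write.
     */
    function save () {
        global $ID;
        global $USERINFO;

        $name = $_REQUEST['name'];
        // PHP has already URL-decoded request values once; this second decode
        // is kept as-is - presumably the client double-encodes, TODO confirm.
        $html = urldecode($_REQUEST['html']);
        // NOTE(review): edit() and checkPerms() resolve the page with getID(),
        // this handler uses cleanID() on the raw parameter - confirm both
        // always name the same page, otherwise lock and write can diverge.
        $ID = cleanID($_REQUEST['id']);

        // The ACL lookup below is the only permission gate for the write. The
        // former act_permcheck($ACT) call worked on an undefined local and its
        // result was discarded, so it never enforced anything and was removed.
        $user = $_SERVER['REMOTE_USER'];
        $groups = $USERINFO['grps'];
        if (auth_aclcheck($ID,$user,$groups) < AUTH_EDIT) {
            echo "failure";
            return;
        }

        // NOTE(review): $html is request-supplied markup stored in the page.
        // Whether it is sanitised before being rendered depends on
        // hide_wysiwyg()/insert_wysiwyg() and the renderer, none of which are
        // shown in this file - confirm. The edit lock (checklock) is not
        // verified before writing either.
        $this->newPage = io_readFile(wikiFN($ID));
        $this->newPage = hide_wysiwyg($name, $this->newPage);
        $this->newPage = insert_wysiwyg($name, $html, $this->newPage);

        // savePage() returns a reason string when it did not write the page;
        // report that as a failure instead of claiming success.
        $blocked = $this->savePage();
        if ($blocked !== null) {
            echo "failure";
            return;
        }

        header('Content-Type: text/html; charset=utf-8');
        // NOTE(review): these headers mark the answer to a state-changing
        // request as publicly cacheable for an hour; confirm that is intended.
        header('Cache-Control: public, max-age=3600');
        header('Pragma: public');
        echo "success";
    }

    /**
     * Write $this->newPage to the page named by the global $ID.
     *
     * On success the page lock is released and the draft is deleted.
     *
     * @return string|null 'wordblock' when checkwordblock() rejects the text,
     *                     'conflict' when the page file is newer than $DATE,
     *                     null when the page was written
     */
    function savePage () {
        global $ID;
        global $DATE;
        global $PRE;
        global $SUF;
        global $SUM;

        //spam check
        if(checkwordblock())
            return 'wordblock';
        //conflict check //FIXME use INFO
        // NOTE(review): nothing in this file assigns $DATE; if it stays unset
        // the comparison below can never report a conflict - confirm.
        if($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE )
            return 'conflict';

        //save it
        $minor = isset($_REQUEST['minor']) ? $_REQUEST['minor'] : null;
        saveWikiText($ID,con($PRE,$this->newPage,$SUF,1),$SUM,$minor); //use pretty mode for con
        //unlock it
        unlock($ID);

        //delete draft
        // The original passed an undefined local here, i.e. null plus a notice.
        act_draftdel(null);
        return null;
    }

    /**
     * Take the edit lock on the requested page.
     *
     * Prints "noperms" without AUTH_EDIT on the page, "locked:<owner>" when
     * checklock() reports a lock holder, and "success" once the lock file
     * has been written. Nothing is printed when writing the lock file fails.
     */
    function edit() {
        global $ID;
        global $USERINFO;

        // Resolve the page before the ACL lookup. The lookup used to run
        // first, while $ID had not been assigned anywhere in this file, so
        // the permission was not checked for the page that gets locked.
        $ID = getID();

        $user = $_SERVER['REMOTE_USER'];
        $groups = $USERINFO['grps'];
        if (auth_aclcheck($ID,$user,$groups) < AUTH_EDIT) {
            echo "noperms";
            return;
        }

        $lock = wikiLockFN($ID);
        $locker = checklock($ID);
        if ($locker) {
            echo "locked:".$locker;
            return;
        }

        // The lock file records its owner: the login name, else the client IP.
        if($_SERVER['REMOTE_USER']){
            $success = io_saveFile($lock,$_SERVER['REMOTE_USER']);
        }else{
            $success = io_saveFile($lock,clientIP());
        }
        if ($success) echo "success";
    }

    /**
     * Report whether the caller may edit the requested page.
     *
     * Prints "success" with at least AUTH_EDIT on the page, else "noperms".
     * This is advisory for the client only; save() and edit() run their own
     * ACL check.
     */
    function checkPerms() {
        global $ID;
        global $USERINFO;

        $ID = getID();
        $user = $_SERVER['REMOTE_USER'];
        $groups = $USERINFO['grps'];
        if (auth_aclcheck($ID,$user,$groups) < AUTH_EDIT) {
            echo "noperms";
        }
        else {
            echo "success";
        }
    }
}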