From 8265594d98708c1c993489099402d9ee27d2a289 Mon Sep 17 00:00:00 2001
From: Gerrit Uitslag
Date: Mon, 14 Oct 2013 15:55:16 +0200
Subject: move ajax.php to action.php. Fixes FS#2233
---
lib/plugins/acl/action.php | 92 ++++++++++++++++++++++++++++++++++++++++++++++
lib/plugins/acl/script.js | 9 +++--
2 files changed, 97 insertions(+), 4 deletions(-)
create mode 100644 lib/plugins/acl/action.php
(limited to 'lib/plugins')
diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php
new file mode 100644
index 000000000..92a93865c
--- /dev/null
+++ b/lib/plugins/acl/action.php
@@ -0,0 +1,92 @@
+
+ */
+
+// must be run within Dokuwiki
+if(!defined('DOKU_INC')) die();
+
+/**
+ * Register handler
+ */
+class action_plugin_acl extends DokuWiki_Action_Plugin {
+
+ /**
+ * Registers a callback function for a given event
+ *
+ * @param Doku_Event_Handler $controller DokuWiki's event controller object
+ * @return void
+ */
+ public function register(Doku_Event_Handler &$controller) {
+
+ $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax_call_acl');
+
+ }
+
+ /**
+ * AJAX call handler for ACL plugin
+ *
+ * @param Doku_Event $event event object by reference
+ * @param mixed $param empty
+ * @return void
+ */
+
+ public function handle_ajax_call_acl(Doku_Event &$event, $param) {
+ if ($event->data !== 'plugin_acl') {
+ return;
+ }
+ $event->stopPropagation();
+ $event->preventDefault();
+
+
+ //close session
+ session_write_close();
+
+ global $conf;
+ global $ID;
+ global $INPUT;
+
+ //fix for Opera XMLHttpRequests
+ $postData = http_get_raw_post_data();
+ if(!count($_POST) && !empty($postData)){
+ parse_str($postData, $_POST);
+ }
+
+ if(!auth_isadmin()) die('for admins only');
+ if(!checkSecurityToken()) die('CRSF Attack');
+
+ $ID = getID();
+
+ /** @var $acl admin_plugin_acl */
+ $acl = plugin_load('admin','acl');
+ $acl->handle();
+
+ $ajax = $INPUT->str('ajax');
+ header('Content-Type: text/html; charset=utf-8');
+
+ if($ajax == 'info'){
+ $acl->_html_info();
+ }elseif($ajax == 'tree'){
+
+ $dir = $conf['datadir'];
+ $ns = $INPUT->str('ns');
+ if($ns == '*'){
+ $ns ='';
+ }
+ $ns = cleanID($ns);
+ $lvl = count(explode(':',$ns));
+ $ns = utf8_encodeFN(str_replace(':','/',$ns));
+
+ $data = $acl->_get_tree($ns,$ns);
+
+ foreach(array_keys($data) as $item){
+ $data[$item]['level'] = $lvl+1;
+ }
+ echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'),
+ array($acl, '_html_li_acl'));
+ }
+ }
+}
\ No newline at end of file
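Review bot: The docblock of `handle_ajax_call_acl` does not record the access contract the body enforces, which matters now that the code is reached through the shared `AJAX_CALL_UNKNOWN` hook instead of its own file. I would add a line such as `* Admin only and requires a valid security token; both checks must stay ahead of $acl->handle().` so a later edit does not move `$acl->handle()` above them. A comment on `$ns = cleanID($ns);` noting that the request-supplied namespace is cleaned before it is turned into a path for `_get_tree()` would help for the same reason. The comparisons `$ajax == 'info'` and `$ajax == 'tree'` could use `===`, assuming `$INPUT->str()` always returns a string.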
diff --git a/lib/plugins/acl/script.js b/lib/plugins/acl/script.js index 0abb80d67..58598b1e0 100644 --- a/lib/plugins/acl/script.js +++ b/lib/plugins/acl/script.js @@ -25,9 +25,10 @@ var dw_acl = { var $frm = jQuery('#acl__detail form'); jQuery.post( - DOKU_BASE + 'lib/plugins/acl/ajax.php', + DOKU_BASE + 'lib/exe/ajax.php', jQuery.extend(dw_acl.parseatt($clicky.parent().find('a')[0].search), - {ajax: 'tree', + {call: 'plugin_acl', + ajax: 'tree', current_ns: $frm.find('input[name=ns]').val(), current_id: $frm.find('input[name=id]').val()}), show_sublist, @@ -64,8 +65,8 @@ var dw_acl = { .attr('role', 'alert') .html('...') .load( - DOKU_BASE + 'lib/plugins/acl/ajax.php', - jQuery('#acl__detail form').serialize() + '&ajax=info' + DOKU_BASE + 'lib/exe/ajax.php', + jQuery('#acl__detail form').serialize() + '&call=plugin_acl&ajax=info' ); return false; }, -- cgit v1.2.3 From d4e2226677c742531e589ebd2b45fdd4553322ad Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 15:56:52 +0200 Subject: remove unused variable --- lib/plugins/acl/action.php | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/plugins') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 92a93865c..373d6cbb0 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -71,7 +71,6 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { $acl->_html_info(); }elseif($ajax == 'tree'){ - $dir = $conf['datadir']; $ns = $INPUT->str('ns'); if($ns == '*'){ $ns =''; -- cgit v1.2.3 From 219fe1dcb7250b332a77278fd31f20e5da10846c Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:00:45 +0200 Subject: Code reformatting and remove unused global conf --- lib/plugins/acl/action.php | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 373d6cbb0..01842250e 100644 --- a/lib/plugins/acl/action.php 
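Review bot: In the second script.js hunk (`@@ -64,8 +65,8 @@`) the data argument to `.load()` is still a string, and jQuery issues a GET whenever `.load()` is given string data. The serialized `#acl__detail form` presumably carries the security token the server-side handler checks, so the token ends up in the query string of `lib/exe/ajax.php`, where it can land in access logs and browser history. Passing an object or array makes jQuery use POST instead, e.g. `jQuery('#acl__detail form').serializeArray().concat([{name: 'call', value: 'plugin_acl'}, {name: 'ajax', value: 'info'}])`. The first hunk already goes through `jQuery.post`, so it is not affected.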
+++ b/lib/plugins/acl/action.php 
@@ -30,62 +30,62 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { * AJAX call handler for ACL plugin * * @param Doku_Event $event event object by reference - * @param mixed $param empty + * @param mixed $param empty * @return void */ public function handle_ajax_call_acl(Doku_Event &$event, $param) { - if ($event->data !== 'plugin_acl') { + if($event->data !== 'plugin_acl') { return; } $event->stopPropagation(); $event->preventDefault(); - //close session session_write_close(); - global $conf; global $ID; global $INPUT; //fix for Opera XMLHttpRequests $postData = http_get_raw_post_data(); - if(!count($_POST) && !empty($postData)){ + if(!count($_POST) && !empty($postData)) { parse_str($postData, $_POST); } if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); - $ID = getID(); + $ID = getID(); /** @var $acl admin_plugin_acl */ - $acl = plugin_load('admin','acl'); + $acl = plugin_load('admin', 'acl'); $acl->handle(); $ajax = $INPUT->str('ajax'); header('Content-Type: text/html; charset=utf-8'); - if($ajax == 'info'){ + if($ajax == 'info') { $acl->_html_info(); - }elseif($ajax == 'tree'){ + } elseif($ajax == 'tree') { - $ns = $INPUT->str('ns'); - if($ns == '*'){ - $ns =''; + $ns = $INPUT->str('ns'); + if($ns == '*') { + $ns = ''; } - $ns = cleanID($ns); - $lvl = count(explode(':',$ns)); - $ns = utf8_encodeFN(str_replace(':','/',$ns)); + $ns = cleanID($ns); + $lvl = count(explode(':', $ns)); + $ns = utf8_encodeFN(str_replace(':', '/', $ns)); - $data = $acl->_get_tree($ns,$ns); + $data = $acl->_get_tree($ns, $ns); - foreach(array_keys($data) as $item){ - $data[$item]['level'] = $lvl+1; + foreach(array_keys($data) as $item) { + $data[$item]['level'] = $lvl + 1; } - echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'), - array($acl, '_html_li_acl')); + echo html_buildlist( + $data, 'acl', array($acl, '_html_list_acl'), + array($acl, '_html_li_acl') + ); } } } \ No newline at end of file -- cgit v1.2.3 
From 07be12a51cc4c7850e57b25c6c1bd86ca0004a00 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:04:31 +0200 Subject: acl ajax: replace die() by return --- lib/plugins/acl/action.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 01842250e..bac518fcd 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -53,8 +53,8 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { parse_str($postData, $_POST); } - if(!auth_isadmin()) die('for admins only'); - if(!checkSecurityToken()) die('CRSF Attack'); + if(!auth_isadmin()) return; + if(!checkSecurityToken()) return; $ID = getID(); -- cgit v1.2.3 From 00dd0e7e7ab5bc29658e4be85336841af70b6b97 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:12:01 +0200 Subject: acl ajax: add messages to returns --- lib/plugins/acl/action.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index bac518fcd..6111aca42 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -53,8 +53,14 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { parse_str($postData, $_POST); } - if(!auth_isadmin()) return; - if(!checkSecurityToken()) return; + if(!auth_isadmin()) { + echo 'for admins only'; + return; + } + if(!checkSecurityToken()) { + echo 'CRSF Attack'; + return; + } $ID = getID(); -- cgit v1.2.3 From e979d184ca6fbad44ae1f33610c80b80d106e067 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 20 Oct 2013 21:51:13 +0200 Subject: remove no longer used ajax.php --- lib/plugins/acl/ajax.php | 57 ------------------------------------------------ 1 file changed, 57 deletions(-) delete mode 100644 lib/plugins/acl/ajax.php (limited to 'lib/plugins') 
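Review bot: Both rejection branches in the last hunk here (`@@ -53,8 +53,14 @@`, "add messages to returns") still answer with the default 200 status, so the caller cannot tell a refused request from a successful one; the script.js callers shown earlier on this page presumably insert the text where they expect the tree or info markup. Sending a status before each message, e.g. `header('HTTP/1.0 403 Forbidden');` ahead of `echo 'for admins only';`, lets the client branch on it. `'CRSF Attack'` is also a misspelling and should read `echo 'CSRF Attack';`. The body of `handle_ajax_call_acl` starts and ends outside the hunk.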
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
deleted file mode 100644
index 10e18af97..000000000
--- a/lib/plugins/acl/ajax.php
+++ /dev/null
@@ -1,57 +0,0 @@
-
- */
-
-if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../');
-require_once(DOKU_INC.'inc/init.php');
-//close session
-session_write_close();
-
-global $conf;
-global $ID;
-global $INPUT;
-
-//fix for Opera XMLHttpRequests
-$postData = http_get_raw_post_data();
-if(!count($_POST) && !empty($postData)){
- parse_str($postData, $_POST);
-}
-
-if(!auth_isadmin()) die('for admins only');
-if(!checkSecurityToken()) die('CRSF Attack');
-
-$ID = getID();
-
-/** @var $acl admin_plugin_acl */
-$acl = plugin_load('admin','acl');
-$acl->handle();
-
-$ajax = $INPUT->str('ajax');
-header('Content-Type: text/html; charset=utf-8');
-
-if($ajax == 'info'){
- $acl->_html_info();
-}elseif($ajax == 'tree'){
-
- $dir = $conf['datadir'];
- $ns = $INPUT->str('ns');
- if($ns == '*'){
- $ns ='';
- }
- $ns = cleanID($ns);
- $lvl = count(explode(':',$ns));
- $ns = utf8_encodeFN(str_replace(':','/',$ns));
-
- $data = $acl->_get_tree($ns,$ns);
-
- foreach(array_keys($data) as $item){
- $data[$item]['level'] = $lvl+1;
- }
- echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'),
- array($acl, '_html_li_acl'));
-}
-
-- cgit v1.2.3
From 4d13d89c45c088d6070c4e2da6d5b702f13c77ab Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 20 Oct 2013 21:52:19 +0200
Subject: remove obsolete opera handling and session closing
---
lib/plugins/acl/action.php | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
(limited to 'lib/plugins')
diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php
index 6111aca42..5e186fb61 100644
--- a/lib/plugins/acl/action.php
+++ b/lib/plugins/acl/action.php
@@ -41,18 +41,9 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { $event->stopPropagation(); $event->preventDefault(); - //close session - session_write_close(); - global $ID; global $INPUT; - //fix for Opera XMLHttpRequests - $postData = http_get_raw_post_data(); - if(!count($_POST) && !empty($postData)) { - parse_str($postData, $_POST); - } - if(!auth_isadmin()) { echo 'for admins only'; return; @@ -94,4 +85,4 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { ); } } -} \ No newline at end of file +} -- cgit v1.2.3