author | Andreas Gohr <andi@splitbrain.org> | 2006-07-02 14:16:22 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2006-07-02 14:16:22 +0200 |
commit | 409d7af7c9c6c97c8c00cada876a2bf967fa1526 (patch) | |
tree | 19defb2c97f293d4ed6150b0f5510019f0e3592d /inc | |
parent | fd0cab2ee2d8c831bf1c086ab4015c9e74d3fe9c (diff) | |
disableactions support
This patch adds a config option to disable certain internal action commands of
DokuWiki's main dispatcher.
The options resendpasswd and openregister were removed because they can now be
set through this new option.
The config plugin needs to be adjusted.
darcs-hash:20060702121622-7ad00-1e80e77bcfb0ae561fe7abd79cfbe1bb158be720.gz
Diffstat (limited to 'inc')
-rw-r--r-- | inc/actions.php | 18 | ||||
-rw-r--r-- | inc/auth.php | 2 | ||||
-rw-r--r-- | inc/confutils.php | 22 | ||||
-rw-r--r-- | inc/html.php | 49 | ||||
-rw-r--r-- | inc/template.php | 25 |
5 files changed, 64 insertions, 52 deletions
diff --git a/inc/actions.php b/inc/actions.php index 194beaad3..51fb0a84a 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -155,6 +155,12 @@ function act_clean($act){ if($act == 'export_html') $act = 'export_xhtml'; if($act == 'export_htmlbody') $act = 'export_xhtmlbody'; + // check if action is disabled + if(!actionOK($act)){ + msg('Command disabled: '.htmlspecialchars($act),-1); + return 'show'; + } + //disable all acl related commands if ACL is disabled if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin', 'subscribe','unsubscribe','profile', @@ -198,17 +204,9 @@ function act_permcheck($act){ }elseif(in_array($act,array('login','search','recent','profile'))){ $permneed = AUTH_NONE; }elseif($act == 'register'){ - if ($conf['openregister']){ - $permneed = AUTH_NONE; - }else{ - $permneed = AUTH_ADMIN; - } + $permneed = AUTH_NONE; }elseif($act == 'resendpwd'){ - if ($conf['resendpasswd']) { - $permneed = AUTH_NONE; - }else{ - $permneed = AUTH_ADMIN+1; // shouldn't get here if $conf['resendpasswd'] is off - } + $permneed = AUTH_NONE; }elseif($act == 'admin'){ $permneed = AUTH_ADMIN; }else{ diff --git a/inc/auth.php b/inc/auth.php index 72c87552d..345a2ba67 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -581,7 +581,7 @@ function act_resendpwd(){ global $auth; if(!$_POST['save']) return false; - if(!$conf['resendpasswd']) return false; + if(!actionOK('resendpwd')) return false; // should not be able to get here without modPass being possible... if(!$auth->canDo('modPass')) { diff --git a/inc/confutils.php b/inc/confutils.php index b800f5f53..c668e8066 100644 --- a/inc/confutils.php +++ b/inc/confutils.php 
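Review bot: The new `actionOK($act)` check in act_clean runs after the `export_html` / `export_htmlbody` aliases have been rewritten, so a `disableactions` entry naming an alias never matches and the action stays enabled. That fails open for an administrator who lists the alias; either document that only canonical names are honoured, e.g. `// aliases are already mapped here: list export_xhtml, not export_html`, or test the requested name as well as the mapped one. The message text is also hard-coded English rather than taken from `$lang`. act_clean starts and ends outside this hunk, so any earlier normalisation of `$act` is not visible here.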
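Review bot: With both branches in act_permcheck reduced to `$permneed = AUTH_NONE;`, `register` and `resendpwd` are now protected by a single gate, the actionOK() test in act_clean, where the old code also denied them at the permission layer. Any path that reaches the handlers without passing act_clean would therefore be open to anonymous users; act_resendpwd gets its own `actionOK('resendpwd')` guard in inc/auth.php, but no matching guard for the register handler appears in this diff. If that handler is reachable on its own, I would give it the same first line, `if(!actionOK('register')) return false;`. Note too that administrators can no longer register users while registration is closed, which the removed `AUTH_ADMIN` branch used to allow.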
@@ -163,5 +163,27 @@ function confToHash($file,$lower=false) { return $conf; } +/** + * check if the given action was disabled in config + * + * @author Andreas Gohr <andi@splitbrain.org> + * @returns boolean true if enabled, false if disabled + */ +function actionOK($action){ + static $disabled = null; + if(is_null($disabled)){ + global $conf; + + // prepare disabled actions array and handle legacy options + $disabled = explode(',',$conf['disableactions']); + $disabled = array_map('trim',$disabled); + if(isset($conf['openregister']) && !$conf['openregister']) $disabled[] = 'register'; + if(isset($conf['resendpasswd']) && !$conf['resendpasswd']) $disabled[] = 'resendpwd'; + $disabled = array_unique($disabled); + } + + return !in_array($action,$disabled); +} + //Setup VIM: ex: et ts=2 enc=utf-8 : diff --git a/inc/html.php b/inc/html.php index 9bd926c03..2a02b8c34 100644 --- a/inc/html.php +++ b/inc/html.php @@ -75,14 +75,14 @@ function html_login(){ </fieldset> </form> <?php - if($auth->canDo('addUser') && $conf['openregister']){ + if($auth->canDo('addUser') && actionOK('register')){ print '<p>'; print $lang['reghere']; print ': <a href="'.wl($ID,'do=register').'" class="wikilink1">'.$lang['register'].'</a>'; print '</p>'; } - if ($auth->canDo('modPass') && $conf['resendpasswd']) { + if ($auth->canDo('modPass') && actionOK('resendpwd')) { print '<p>'; print $lang['pwdforget']; print ': <a href="'.wl($ID,'do=resendpwd').'" class="wikilink1">'.$lang['btn_resendpwd'].'</a>'; 
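Review bot: actionOK() compares names exactly, so a `disableactions` entry written as `Register` or in any other casing silently leaves the action enabled; only `trim` is applied to the configured list. Lower-casing the entries, `$disabled = array_map('strtolower', array_map('trim', $disabled));`, makes a casing slip fail closed rather than open, assuming the dispatcher already lower-cases `$act` (not visible here). The legacy fallbacks only fire when `openregister` / `resendpasswd` are still set, so an installation that relied on a shipped default to keep them off would open both actions after upgrade if those defaults are dropped; the defaults file is outside this diff and worth confirming. The docblock should use `@return` instead of `@returns`, gain a `@param string $action` line, and mention that the list is cached in a static for the rest of the request.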
@@ -100,37 +100,6 @@ function html_login(){ } /** - * shows the edit/source/show/draft button dependent on current mode - * - * @author Andreas Gohr <andi@splitbrain.org> - */ -function html_editbutton(){ - global $ID; - global $REV; - global $ACT; - global $INFO; - - if($ACT == 'show' || $ACT == 'search'){ - if($INFO['writable']){ - if($INFO['draft']){ - $r = html_btn('draft',$ID,'e',array('do' => 'draft'),'post'); - }else{ - if($INFO['exists']){ - $r = html_btn('edit',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); - }else{ - $r = html_btn('create',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); - } - } - }else{ - $r = html_btn('source',$ID,'v',array('do' => 'edit','rev' => $REV),'post'); - } - }else{ - $r = html_btn('show',$ID,'v',array('do' => 'show')); - } - return $r; -} - -/** * prints a section editing button * used as a callback in html_secedit * @@ -1046,6 +1015,11 @@ function html_edit($text=null,$include='edit'){ //FIXME: include needed? if ($REV) print p_locale_xhtml('editrev'); print p_locale_xhtml($include); }else{ + // check pseudo action 'source' + if(!actionOK('source')){ + msg('Command disabled: source',-1); + return; + } print p_locale_xhtml('read'); $ro='readonly="readonly"'; } @@ -1057,8 +1031,8 @@ function html_edit($text=null,$include='edit'){ //FIXME: include needed? <div class="toolbar"> <div id="draft__status"><?php if($INFO['draft']) echo $lang['draftdate'].' '.date($conf['dformat']);?></div> - <div id="tool__bar"><a href="<?php echo DOKU_BASE?>lib/exe/mediamanager.php?ns=<?php echo $INFO['namespace']?>" - target="_blank"><?php echo $lang['mediaselect'] ?></a></div> + <div id="tool__bar"><?php if(!$ro){?><a href="<?php echo DOKU_BASE?>lib/exe/mediamanager.php?ns=<?php echo $INFO['namespace']?>" + target="_blank"><?php echo $lang['mediaselect'] ?></a><?php }?></div> <?php if($wr){?> <script type="text/javascript" charset="utf-8"> 
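Review bot: The `source` pseudo action is enforced only inside html_edit's read-only branch, that is in the rendering code, after the dispatcher has already accepted `do=edit`. That keeps the read-only textarea off the page, but any other route that returns the raw wiki text (a raw export action, if one is enabled) is untouched by it, so disabling `source` alone does not hide the markup; a comment such as `// only blocks the read-only editor view; raw exports are separate actions` would make that explicit. The bare `return;` also leaves html_edit before the rest of the function runs, and that part lies outside this hunk, so check that nothing after it is required.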
@@ -1237,11 +1211,6 @@ function html_admin(){ ptln(' <li><div class="li"><a href="'.wl($ID, 'do=admin&page='.$item['plugin']).'">'.$item['prompt'].'</a></div></li>'); } - // add in non-plugin functions - if (!$conf['openregister']){ - ptln('<li><div class="li"><a href="'.wl($ID,'do=register').'">'.$lang['admin_register'].'</a></div></li>'); - } - ptln('</ul>'); } diff --git a/inc/template.php b/inc/template.php index 277c06d8d..f9e69d340 100644 --- a/inc/template.php +++ b/inc/template.php @@ -296,9 +296,29 @@ function tpl_button($type){ global $conf; global $auth; + if(!actionOK($type)) return; + switch($type){ case 'edit': - print html_editbutton(); + #most complicated type - we need to decide on current action + if($ACT == 'show' || $ACT == 'search'){ + if($INFO['writable']){ + if($INFO['draft']){ + echo html_btn('draft',$ID,'e',array('do' => 'draft'),'post'); + }else{ + if($INFO['exists']){ + echo html_btn('edit',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); + }else{ + echo html_btn('create',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); + } + } + }else{ + if(!actionOK('source')) return false; //pseudo action + echo html_btn('source',$ID,'v',array('do' => 'edit','rev' => $REV),'post'); + } + }else{ + echo html_btn('show',$ID,'v',array('do' => 'show')); + } break; case 'history': print html_btn('revs',$ID,'o',array('do' => 'revisions')); @@ -386,6 +406,8 @@ function tpl_actionlink($type,$pre='',$suf=''){ global $lang; global $auth; + if(!actionOK($type)) return; + switch($type){ case 'edit': #most complicated type - we need to decide on current action @@ -401,6 +423,7 @@ function tpl_actionlink($type,$pre='',$suf=''){ 'class="action create" accesskey="e" rel="nofollow"'); } }else{ + if(!actionOK('source')) return false; //pseudo action tpl_link(wl($ID,'do=edit&rev='.$REV), $pre.$lang['btn_source'].$suf, 'class="action source" accesskey="v" rel="nofollow"'); |
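Review bot: `actionOK($type)` in tpl_button (and again in tpl_actionlink) is handed the template's button type, which is not always the dispatcher's action name: the `history` case visible in this hunk links to `do=revisions`. Listing `revisions` in `disableactions` therefore blocks the action in act_clean but leaves the button on screen, while listing `history` hides the button and leaves `do=revisions` reachable by URL. Mapping the type to its action before the test, or documenting which names the option accepts, would close that gap. The inlined edit-button code also reads `$ACT`, `$INFO`, `$ID` and `$REV`, and only `global $conf;` and `global $auth;` are visible above it, so confirm these are declared as globals in tpl_button. The early exits are inconsistent as well (`return;` versus `return false;`).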