1 files changed, 77 insertions, 13 deletions

diff --git a/inc/actions.php b/inc/actions.php
index 0a6e6d8c7..fa11bb7f1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -18,8 +18,10 @@ if(!defined('DOKU_INC')) die('meh.');
 function act_dispatch(){
     global $ACT;
     global $ID;
+    global $INFO;
     global $QUERY;
     global $lang;
+    global $conf;
 
     $preact = $ACT;
 
@@ -50,9 +52,20 @@ function act_dispatch(){
             }
         }
 
+        //display some infos
+        if($ACT == 'check'){
+            check();
+            $ACT = 'show';
+        }
+
         //check permissions
         $ACT = act_permcheck($ACT);
 
+        //sitemap
+        if ($ACT == 'sitemap'){
+            $ACT = act_sitemap($ACT);
+        }
+
         //register
         if($ACT == 'register' && $_POST['save'] && register()){
             $ACT = 'login';
@@ -115,12 +128,6 @@ function act_dispatch(){
         if(substr($ACT,0,7) == 'export_')
             $ACT = act_export($ACT);
 
-        //display some infos
-        if($ACT == 'check'){
-            check();
-            $ACT = 'show';
-        }
-
         //handle admin tasks
         if($ACT == 'admin'){
             // retrieve admin plugin name from $_REQUEST['page']
@@ -128,8 +135,15 @@ function act_dispatch(){
                 $pluginlist = plugin_list('admin');
                 if (in_array($_REQUEST['page'], $pluginlist)) {
                     // attempt to load the plugin
-                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null)
-                        $plugin->handle();
+                    if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+                        if($plugin->forAdminOnly() && !$INFO['isadmin']){
+                            // a manager tried to load a plugin that's for admins only
+                            unset($_REQUEST['page']);
+                            msg('For admins only',-1);
+                        }else{
+                            $plugin->handle();
+                        }
+                    }
                 }
             }
         }
@@ -138,6 +152,10 @@ function act_dispatch(){
         $ACT = act_permcheck($ACT);
     }  // end event ACTION_ACT_PREPROCESS default action
     $evt->advise_after();
+    // Make sure plugs can handle 'denied'
+    if($conf['send404'] && $ACT == 'denied') {
+        header('HTTP/1.0 403 Forbidden');
+    }
     unset($evt);
 
     // when action 'show', the intial not 'show' and POST, do a redirect
@@ -205,7 +223,7 @@ function act_clean($act){
                     'preview','search','show','check','index','revisions',
                     'diff','recent','backlink','admin','subscribe','revert',
                     'unsubscribe','profile','resendpwd','recover',
-                    'draftdel','subscribens','unsubscribens',)) && substr($act,0,7) != 'export_' ) {
+                    'draftdel','subscribens','unsubscribens','sitemap')) && substr($act,0,7) != 'export_' ) {
         msg('Command unknown: '.htmlspecialchars($act),-1);
         return 'show';
     }
@@ -233,7 +251,7 @@ function act_permcheck($act){
         }else{
             $permneed = AUTH_CREATE;
         }
-    }elseif(in_array($act,array('login','search','recent','profile','index'))){
+    }elseif(in_array($act,array('login','search','recent','profile','index', 'sitemap'))){
         $permneed = AUTH_NONE;
     }elseif($act == 'revert'){
         $permneed = AUTH_ADMIN;
@@ -281,10 +299,10 @@ function act_draftsave($act){
     global $conf;
     if($conf['usedraft'] && $_POST['wikitext']){
         $draft = array('id'     => $ID,
-                'prefix' => $_POST['prefix'],
+                'prefix' => substr($_POST['prefix'], 0, -1),
                 'text'   => $_POST['wikitext'],
                 'suffix' => $_POST['suffix'],
-                'date'   => $_POST['date'],
+                'date'   => (int) $_POST['date'],
                 'client' => $INFO['client'],
                 );
         $cname = getCacheName($draft['client'].$ID,'.draft');
@@ -587,6 +605,52 @@ function act_export($act){
 }
 
 /**
+ * Handle sitemap delivery
+ *
+ * @author Michael Hamann <michael@content-space.de>
+ */
+function act_sitemap($act) {
+    global $conf;
+
+    if ($conf['sitemap'] < 1 || !is_numeric($conf['sitemap'])) {
+        header("HTTP/1.0 404 Not Found");
+        print "Sitemap generation is disabled.";
+        exit;
+    }
+
+    $sitemap = Sitemapper::getFilePath();
+    if(strrchr($sitemap, '.') === '.gz'){
+        $mime = 'application/x-gzip';
+    }else{
+        $mime = 'application/xml; charset=utf-8';
+    }
+
+    // Check if sitemap file exists, otherwise create it
+    if (!is_readable($sitemap)) {
+        Sitemapper::generate();
+    }
+
+    if (is_readable($sitemap)) {
+        // Send headers
+        header('Content-Type: '.$mime);
+        header('Content-Disposition: attachment; filename='.basename($sitemap));
+
+        http_conditionalRequest(filemtime($sitemap));
+
+        // Send file
+        //use x-sendfile header to pass the delivery to compatible webservers
+        if (http_sendfile($sitemap)) exit;
+
+        readfile($sitemap);
+        exit;
+    }
+
+    header("HTTP/1.0 500 Internal Server Error");
+    print "Could not read the sitemap file - bad permissions?";
+    exit;
+}
+
+/**
  * Handle page 'subscribe'
  *
  * Throws exception on error.
@@ -687,4 +751,4 @@ function subscription_handle_post(&$params) {
     $params = compact('target', 'style', 'data', 'action');
 }
 
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 :