From 5505dd9afd380c1676d9d0cef3e10d5be06ffee2 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Sun, 27 Nov 2011 01:22:40 +0100 Subject: Fixed XML-RPC getAttachment method. Without creating an IXR_Base64 object, the file will be encoded as base64, but send as string. The client XML-RPC parser cannot detect that it is meant to be a base64 encoded file. --- lib/exe/xmlrpc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index e5e3298ae..3a05c886d 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -311,7 +311,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { return new IXR_Error(1, 'The requested file does not exist'); $data = io_readFile($file, false); - $base64 = base64_encode($data); + $base64 = new IXR_Base64($data); return $base64; } -- cgit v1.2.3 From 3f3bb97fcdd30282632d96a5bb19d2ea61c01504 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Mon, 28 Nov 2011 20:59:49 +0100 Subject: removed dublicated content --- lib/exe/xmlrpc.php | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index e5e3298ae..cb8dbf42d 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -21,6 +21,7 @@ if(!$conf['xmlrpc']) die('XML-RPC server not enabled.'); class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { var $methods = array(); var $public_methods = array(); + var $remote; /** * Checks if the current user is allowed to execute non anonymous methods @@ -67,6 +68,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Constructor. Register methods and run Server */ function dokuwiki_xmlrpc_server(){ + $this->remote = new RemoteAPI(); $this->IXR_IntrospectionServer(); /* DokuWiki's own methods */ @@ -284,16 +286,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * Return a raw wiki page */ function rawPage($id,$rev=''){ - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_READ){ + try { + return $this->remote->rawPage($id, $rev); + } catch(RemoteAccessDenied $e) { return new IXR_Error(1, 'You are not allowed to read this page'); } - $text = rawWiki($id,$rev); - if(!$text) { - return pageTemplate($id); - } else { - return $text; - } } /** -- cgit v1.2.3 From 1c122589394bb9150f09facdcd6e75d054eb69a4 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Tue, 29 Nov 2011 19:17:59 +0100 Subject: Using sensefull error codes. Since there are currently a lot of error coded returning 1, that mean completly different thing, i guess it would be very nice to change this. A client should not be forced to parse the error message, the error code should be enough to explain the error. This change suggests some error codes, that have a hierarchical structure. In the following list the categories begin with = and the error codes actually used with -. = 100 Page errors == 110 Page access errors --- 111 User is not allowed to read the requested page --- 112 User is not allowed to edit the page == 120 Page existance errors --- 121 The requested page does not exist == 130 Page edit errors --- 131 Empty page id --- 132 Empty page content --- 133 Page is locked --- 134 Positive wordblock check = 200 Media errors == 210 Media access errors --- 211 User is not allowed to read media --- 215 User is not allowed to list media == 220 Media existance errors --- 221 The requested media does not exist = 300 Search errors == 310 Argument errors --- 311 The provided value is not a valid timestamp == 320 Search result errors --- 321 No chances in specified timeframe --- lib/exe/xmlrpc.php | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 3a05c886d..5d19725a3 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -286,7 +286,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function rawPage($id,$rev=''){ $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); + return new IXR_Error(111, 'You are not allowed to read this page'); } $text = rawWiki($id,$rev); if(!$text) { @@ -304,11 +304,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function getAttachment($id){ $id = cleanID($id); if (auth_quickaclcheck(getNS($id).':*') < AUTH_READ) - return new IXR_Error(1, 'You are not allowed to read this file'); + return new IXR_Error(211, 'You are not allowed to read this file'); $file = mediaFN($id); if (!@ file_exists($file)) - return new IXR_Error(1, 'The requested file does not exist'); + return new IXR_Error(221, 'The requested file does not exist'); $data = io_readFile($file, false); $base64 = new IXR_Base64($data); @@ -342,7 +342,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function htmlPage($id,$rev=''){ $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); + return new IXR_Error(111, 'You are not allowed to read this page'); } return p_wiki_xhtml($id,$rev,false); } @@ -462,7 +462,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { } return $data; } else { - return new IXR_Error(1, 'You are not allowed to list media files.'); + return new IXR_Error(215, 'You are not allowed to list media files.'); } } @@ -479,12 +479,12 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function pageInfo($id,$rev=''){ $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); + return new IXR_Error(111, 'You are not allowed to read this page'); } $file = wikiFN($id,$rev); $time = @filemtime($file); if(!$time){ - return new IXR_Error(10, 'The requested page does not exist'); + return new IXR_Error(121, 'The requested page does not exist'); } $info = getRevisionInfo($id, $time, 1024); @@ -515,22 +515,22 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { $minor = $params['minor']; if(empty($id)) - return new IXR_Error(1, 'Empty page ID'); + return new IXR_Error(131, 'Empty page ID'); if(!page_exists($id) && trim($TEXT) == '' ) { - return new IXR_ERROR(1, 'Refusing to write an empty new wiki page'); + return new IXR_ERROR(132, 'Refusing to write an empty new wiki page'); } if(auth_quickaclcheck($id) < AUTH_EDIT) - return new IXR_Error(1, 'You are not allowed to edit this page'); + return new IXR_Error(112, 'You are not allowed to edit this page'); // Check, if page is locked if(checklock($id)) - return new IXR_Error(1, 'The page is currently locked'); + return new IXR_Error(133, 'The page is currently locked'); // SPAM check if(checkwordblock()) - return new IXR_Error(1, 'Positive wordblock check'); + return new IXR_Error(134, 'Positive wordblock check'); // autoset summary on new pages if(!page_exists($id) && empty($sum)) { @@ -635,7 +635,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function listLinks($id) { $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); + return new IXR_Error(111, 'You are not allowed to read this page'); } $links = array(); @@ -684,7 +684,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { */ function getRecentChanges($timestamp) { if(strlen($timestamp) != 10) - return new IXR_Error(20, 'The provided value is not a valid timestamp'); + return new IXR_Error(311, 'The provided value is not a valid timestamp'); $recents = getRecentsSince($timestamp); @@ -705,7 +705,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { return $changes; } else { // in case we still have nothing at this point - return new IXR_Error(30, 'There are no changes in the specified timeframe'); + return new IXR_Error(321, 'There are no changes in the specified timeframe'); } } @@ -717,7 +717,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { */ function getRecentMediaChanges($timestamp) { if(strlen($timestamp) != 10) - return new IXR_Error(20, 'The provided value is not a valid timestamp'); + return new IXR_Error(311, 'The provided value is not a valid timestamp'); $recents = getRecentsSince($timestamp, null, '', RECENTS_MEDIA_CHANGES); @@ -738,7 +738,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { return $changes; } else { // in case we still have nothing at this point - return new IXR_Error(30, 'There are no changes in the specified timeframe'); + return new IXR_Error(321, 'There are no changes in the specified timeframe'); } } @@ -750,14 +750,14 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { function pageVersions($id, $first) { $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); + return new IXR_Error(111, 'You are not allowed to read this page'); } global $conf; $versions = array(); if(empty($id)) - return new IXR_Error(1, 'Empty page ID'); + return new IXR_Error(131, 'Empty page ID'); $revisions = getRevisions($id, $first, $conf['recent']+1); -- cgit v1.2.3 From f3046d2bbd96dc9a501975392e76d6ae539cdf05 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Tue, 29 Nov 2011 20:42:35 +0100 Subject: Second part of the error codes. Forgot some :( Added the new error codes and categories: --- 212 Not allowed to delete media == 230 Media edit error --- 231 Filename not given --- 232 File is still referenced --- 233 Could not delete file --- lib/exe/xmlrpc.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 5d19725a3..910271461 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -575,7 +575,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { $auth = auth_quickaclcheck(getNS($id).':*'); if(!isset($id)) { - return new IXR_ERROR(1, 'Filename not given.'); + return new IXR_ERROR(231, 'Filename not given.'); } global $conf; @@ -611,11 +611,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { if ($res & DOKU_MEDIA_DELETED) { return 0; } elseif ($res & DOKU_MEDIA_NOT_AUTH) { - return new IXR_ERROR(1, "You don't have permissions to delete files."); + return new IXR_ERROR(212, "You don't have permissions to delete files."); } elseif ($res & DOKU_MEDIA_INUSE) { - return new IXR_ERROR(1, 'File is still referenced'); + return new IXR_ERROR(232, 'File is still referenced'); } else { - return new IXR_ERROR(1, 'Could not delete file'); + return new IXR_ERROR(233, 'Could not delete file'); } } -- cgit v1.2.3 From aafb4e36f7fdc95d371cffcf351c3611efd69945 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Thu, 1 Dec 2011 22:33:16 +0100 Subject: Fixed bug in XML-RPC search. The score was randomly transfered as string or as integer. This way it will always be transfered as an integer. --- lib/exe/xmlrpc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 910271461..61e6f1e95 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -411,7 +411,7 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { $pages[] = array( 'id' => $id, - 'score' => $score, + 'score' => intval($score), 'rev' => filemtime($file), 'mtime' => filemtime($file), 'size' => filesize($file), -- cgit v1.2.3 From fe092d886946cca23fa8ab1be240a356a1f60492 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Sun, 11 Dec 2011 11:24:19 +0100 Subject: transfered bugfix from dokuwiki 97a000f0551735b35606d94d59abc4ff440783a5 --- lib/exe/xmlrpc.php | 35 ++++++++++++----------------------- 1 file changed, 12 insertions(+), 23 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index cb8dbf42d..bcbae0a43 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -299,17 +299,16 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * @author Gina Haeussge */ function getAttachment($id){ - $id = cleanID($id); - if (auth_quickaclcheck(getNS($id).':*') < AUTH_READ) - return new IXR_Error(1, 'You are not allowed to read this file'); - - $file = mediaFN($id); - if (!@ file_exists($file)) - return new IXR_Error(1, 'The requested file does not exist'); - - $data = io_readFile($file, false); - $base64 = base64_encode($data); - return $base64; + try { + try { + return $this->remote->getAttachment($id); + } catch (RemoteAccessDenied $e) { + return new IXR_Error(1, 'You are not allowed to read this file'); + } + } + catch (RemoteException $e) { + return new IXR_Error(1, $e->getMessage()); + } } /** @@ -318,18 +317,8 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { * @author Gina Haeussge */ function getAttachmentInfo($id){ - $id = cleanID($id); - $info = array( - 'lastModified' => 0, - 'size' => 0, - ); - - $file = mediaFN($id); - if ((auth_quickaclcheck(getNS($id).':*') >= AUTH_READ) && file_exists($file)){ - $info['lastModified'] = new IXR_Date(filemtime($file)); - $info['size'] = filesize($file); - } - + $info = $this->remote->getAttachmentInfo($id); + $info['lastModified'] = new IXR_Date($info['lastModified']); return $info; } -- cgit v1.2.3 From 3a13cfe7e12afabb47139702b7f118d63ccf42c2 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Sun, 8 Jan 2012 18:10:38 +0100 Subject: set login as public method --- lib/exe/xmlrpc.php | 848 +---------------------------------------------------- 1 file changed, 14 insertions(+), 834 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index bcbae0a43..9888c9a61 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -10,6 +10,7 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); define('DOKU_XMLRPC_API_VERSION', 6); require_once(DOKU_INC.'inc/init.php'); +require_once(DOKU_INC.'inc/remote.php'); session_write_close(); //close session if(!$conf['xmlrpc']) die('XML-RPC server not enabled.'); @@ -18,855 +19,34 @@ if(!$conf['xmlrpc']) die('XML-RPC server not enabled.'); * Contains needed wrapper functions and registers all available * XMLRPC functions. */ -class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { - var $methods = array(); - var $public_methods = array(); +class dokuwiki_xmlrpc_server extends IXR_Server { var $remote; /** - * Checks if the current user is allowed to execute non anonymous methods - */ - function checkAuth(){ - global $conf; - global $USERINFO; - - if(!$conf['useacl']) return true; //no ACL - then no checks - if(trim($conf['xmlrpcuser']) == '') return true; //no restrictions - - return auth_isMember($conf['xmlrpcuser'],$_SERVER['REMOTE_USER'],(array) $USERINFO['grps']); - } - - /** - * Adds a callback, extends parent method - * - * add another parameter to define if anonymous access to - * this method should be granted. + * Constructor. Register methods and run Server */ - function addCallback($method, $callback, $args, $help, $public=false){ - if($public) $this->public_methods[] = $method; - return parent::addCallback($method, $callback, $args, $help); + function dokuwiki_xmlrpc_server(){ + $this->remote = new RemoteAPI(); + $this->IXR_Server(); } - /** - * Execute a call, extends parent method - * - * Checks for authentication first - */ function call($methodname, $args){ - if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){ + try { + //print 'a'; + $result = $this->remote->call($methodname, $args); + return $result; + } catch (RemoteAccessDenied $e) { if (!isset($_SERVER['REMOTE_USER'])) { header('HTTP/1.1 401 Unauthorized'); } else { header('HTTP/1.1 403 Forbidden'); } - return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".'); + return new IXR_Error(-32603, 'server error. not authorized to call method'); + } catch (RemoteException $e) { + return new IXR_Error($e->getCode(), $e->getMessage()); } - return parent::call($methodname, $args); } - /** - * Constructor. Register methods and run Server - */ - function dokuwiki_xmlrpc_server(){ - $this->remote = new RemoteAPI(); - $this->IXR_IntrospectionServer(); - - /* DokuWiki's own methods */ - $this->addCallback( - 'dokuwiki.getXMLRPCAPIVersion', - 'this:getAPIVersion', - array('integer'), - 'Returns the XMLRPC API version.', - true - ); - - $this->addCallback( - 'dokuwiki.getVersion', - 'getVersion', - array('string'), - 'Returns the running DokuWiki version.', - true - ); - - $this->addCallback( - 'dokuwiki.login', - 'this:login', - array('integer','string','string'), - 'Tries to login with the given credentials and sets auth cookies.', - true - ); - - $this->addCallback( - 'dokuwiki.getPagelist', - 'this:readNamespace', - array('struct','string','struct'), - 'List all pages within the given namespace.' - ); - - $this->addCallback( - 'dokuwiki.search', - 'this:search', - array('struct','string'), - 'Perform a fulltext search and return a list of matching pages' - ); - - $this->addCallback( - 'dokuwiki.getTime', - 'time', - array('int'), - 'Return the current time at the wiki server.' - ); - - $this->addCallback( - 'dokuwiki.setLocks', - 'this:setLocks', - array('struct','struct'), - 'Lock or unlock pages.' - ); - - - $this->addCallback( - 'dokuwiki.getTitle', - 'this:getTitle', - array('string'), - 'Returns the wiki title.', - true - ); - - $this->addCallback( - 'dokuwiki.appendPage', - 'this:appendPage', - array('int', 'string', 'string', 'struct'), - 'Append text to a wiki page.' - ); - - /* Wiki API v2 http://www.jspwiki.org/wiki/WikiRPCInterface2 */ - $this->addCallback( - 'wiki.getRPCVersionSupported', - 'this:wiki_RPCVersion', - array('int'), - 'Returns 2 with the supported RPC API version.', - true - ); - $this->addCallback( - 'wiki.getPage', - 'this:rawPage', - array('string','string'), - 'Get the raw Wiki text of page, latest version.' - ); - $this->addCallback( - 'wiki.getPageVersion', - 'this:rawPage', - array('string','string','int'), - 'Get the raw Wiki text of page.' - ); - $this->addCallback( - 'wiki.getPageHTML', - 'this:htmlPage', - array('string','string'), - 'Return page in rendered HTML, latest version.' - ); - $this->addCallback( - 'wiki.getPageHTMLVersion', - 'this:htmlPage', - array('string','string','int'), - 'Return page in rendered HTML.' - ); - $this->addCallback( - 'wiki.getAllPages', - 'this:listPages', - array('struct'), - 'Returns a list of all pages. The result is an array of utf8 pagenames.' - ); - $this->addCallback( - 'wiki.getAttachments', - 'this:listAttachments', - array('struct', 'string', 'struct'), - 'Returns a list of all media files.' - ); - $this->addCallback( - 'wiki.getBackLinks', - 'this:listBackLinks', - array('struct','string'), - 'Returns the pages that link to this page.' - ); - $this->addCallback( - 'wiki.getPageInfo', - 'this:pageInfo', - array('struct','string'), - 'Returns a struct with infos about the page.' - ); - $this->addCallback( - 'wiki.getPageInfoVersion', - 'this:pageInfo', - array('struct','string','int'), - 'Returns a struct with infos about the page.' - ); - $this->addCallback( - 'wiki.getPageVersions', - 'this:pageVersions', - array('struct','string','int'), - 'Returns the available revisions of the page.' - ); - $this->addCallback( - 'wiki.putPage', - 'this:putPage', - array('int', 'string', 'string', 'struct'), - 'Saves a wiki page.' - ); - $this->addCallback( - 'wiki.listLinks', - 'this:listLinks', - array('struct','string'), - 'Lists all links contained in a wiki page.' - ); - $this->addCallback( - 'wiki.getRecentChanges', - 'this:getRecentChanges', - array('struct','int'), - 'Returns a struct about all recent changes since given timestamp.' - ); - $this->addCallback( - 'wiki.getRecentMediaChanges', - 'this:getRecentMediaChanges', - array('struct','int'), - 'Returns a struct about all recent media changes since given timestamp.' - ); - $this->addCallback( - 'wiki.aclCheck', - 'this:aclCheck', - array('int', 'string'), - 'Returns the permissions of a given wiki page.' - ); - $this->addCallback( - 'wiki.putAttachment', - 'this:putAttachment', - array('struct', 'string', 'base64', 'struct'), - 'Upload a file to the wiki.' - ); - $this->addCallback( - 'wiki.deleteAttachment', - 'this:deleteAttachment', - array('int', 'string'), - 'Delete a file from the wiki.' - ); - $this->addCallback( - 'wiki.getAttachment', - 'this:getAttachment', - array('base64', 'string'), - 'Download a file from the wiki.' - ); - $this->addCallback( - 'wiki.getAttachmentInfo', - 'this:getAttachmentInfo', - array('struct', 'string'), - 'Returns a struct with infos about the attachment.' - ); - - /** - * Trigger XMLRPC_CALLBACK_REGISTER, action plugins can use this event - * to extend the XMLRPC interface and register their own callbacks. - * - * Event data: - * The XMLRPC server object: - * - * $event->data->addCallback() - register a callback, the second - * paramter has to be of the form "plugin::" - * - * $event->data->callbacks - an array which holds all awaylable - * callbacks - */ - trigger_event('XMLRPC_CALLBACK_REGISTER', $this); - - $this->serve(); - } - - /** - * Return a raw wiki page - */ - function rawPage($id,$rev=''){ - try { - return $this->remote->rawPage($id, $rev); - } catch(RemoteAccessDenied $e) { - return new IXR_Error(1, 'You are not allowed to read this page'); - } - } - - /** - * Return a media file encoded in base64 - * - * @author Gina Haeussge - */ - function getAttachment($id){ - try { - try { - return $this->remote->getAttachment($id); - } catch (RemoteAccessDenied $e) { - return new IXR_Error(1, 'You are not allowed to read this file'); - } - } - catch (RemoteException $e) { - return new IXR_Error(1, $e->getMessage()); - } - } - - /** - * Return info about a media file - * - * @author Gina Haeussge - */ - function getAttachmentInfo($id){ - $info = $this->remote->getAttachmentInfo($id); - $info['lastModified'] = new IXR_Date($info['lastModified']); - return $info; - } - - /** - * Return a wiki page rendered to html - */ - function htmlPage($id,$rev=''){ - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); - } - return p_wiki_xhtml($id,$rev,false); - } - - /** - * List all pages - we use the indexer list here - */ - function listPages(){ - $list = array(); - $pages = idx_get_indexer()->getPages(); - $pages = array_filter(array_filter($pages,'isVisiblePage'),'page_exists'); - - foreach(array_keys($pages) as $idx) { - $perm = auth_quickaclcheck($pages[$idx]); - if($perm < AUTH_READ) { - continue; - } - $page = array(); - $page['id'] = trim($pages[$idx]); - $page['perms'] = $perm; - $page['size'] = @filesize(wikiFN($pages[$idx])); - $page['lastModified'] = new IXR_Date(@filemtime(wikiFN($pages[$idx]))); - $list[] = $page; - } - - return $list; - } - - /** - * List all pages in the given namespace (and below) - */ - function readNamespace($ns,$opts){ - global $conf; - - if(!is_array($opts)) $opts=array(); - - $ns = cleanID($ns); - $dir = utf8_encodeFN(str_replace(':', '/', $ns)); - $data = array(); - $opts['skipacl'] = 0; // no ACL skipping for XMLRPC - search($data, $conf['datadir'], 'search_allpages', $opts, $dir); - return $data; - } - - /** - * List all pages in the given namespace (and below) - */ - function search($query){ - require_once(DOKU_INC.'inc/fulltext.php'); - - $regex = ''; - $data = ft_pageSearch($query,$regex); - $pages = array(); - - // prepare additional data - $idx = 0; - foreach($data as $id => $score){ - $file = wikiFN($id); - - if($idx < FT_SNIPPET_NUMBER){ - $snippet = ft_snippet($id,$regex); - $idx++; - }else{ - $snippet = ''; - } - - $pages[] = array( - 'id' => $id, - 'score' => $score, - 'rev' => filemtime($file), - 'mtime' => filemtime($file), - 'size' => filesize($file), - 'snippet' => $snippet, - ); - } - return $pages; - } - - /** - * Returns the wiki title. - */ - function getTitle(){ - global $conf; - return $conf['title']; - } - - /** - * List all media files. - * - * Available options are 'recursive' for also including the subnamespaces - * in the listing, and 'pattern' for filtering the returned files against - * a regular expression matching their name. - * - * @author Gina Haeussge - */ - function listAttachments($ns, $options = array()) { - global $conf; - global $lang; - - $ns = cleanID($ns); - - if (!is_array($options)) $options = array(); - $options['skipacl'] = 0; // no ACL skipping for XMLRPC - - - if(auth_quickaclcheck($ns.':*') >= AUTH_READ) { - $dir = utf8_encodeFN(str_replace(':', '/', $ns)); - - $data = array(); - search($data, $conf['mediadir'], 'search_media', $options, $dir); - $len = count($data); - if(!$len) return array(); - - for($i=0; $i<$len; $i++) { - unset($data[$i]['meta']); - $data[$i]['lastModified'] = new IXR_Date($data[$i]['mtime']); - } - return $data; - } else { - return new IXR_Error(1, 'You are not allowed to list media files.'); - } - } - - /** - * Return a list of backlinks - */ - function listBackLinks($id){ - return ft_backlinks(cleanID($id)); - } - - /** - * Return some basic data about a page - */ - function pageInfo($id,$rev=''){ - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); - } - $file = wikiFN($id,$rev); - $time = @filemtime($file); - if(!$time){ - return new IXR_Error(10, 'The requested page does not exist'); - } - - $info = getRevisionInfo($id, $time, 1024); - - $data = array( - 'name' => $id, - 'lastModified' => new IXR_Date($time), - 'author' => (($info['user']) ? $info['user'] : $info['ip']), - 'version' => $time - ); - - return ($data); - } - - /** - * Save a wiki page - * - * @author Michael Klier - */ - function putPage($id, $text, $params) { - global $TEXT; - global $lang; - global $conf; - - $id = cleanID($id); - $TEXT = cleanText($text); - $sum = $params['sum']; - $minor = $params['minor']; - - if(empty($id)) - return new IXR_Error(1, 'Empty page ID'); - - if(!page_exists($id) && trim($TEXT) == '' ) { - return new IXR_ERROR(1, 'Refusing to write an empty new wiki page'); - } - - if(auth_quickaclcheck($id) < AUTH_EDIT) - return new IXR_Error(1, 'You are not allowed to edit this page'); - - // Check, if page is locked - if(checklock($id)) - return new IXR_Error(1, 'The page is currently locked'); - - // SPAM check - if(checkwordblock()) - return new IXR_Error(1, 'Positive wordblock check'); - - // autoset summary on new pages - if(!page_exists($id) && empty($sum)) { - $sum = $lang['created']; - } - - // autoset summary on deleted pages - if(page_exists($id) && empty($TEXT) && empty($sum)) { - $sum = $lang['deleted']; - } - - lock($id); - - saveWikiText($id,$TEXT,$sum,$minor); - - unlock($id); - - // run the indexer if page wasn't indexed yet - idx_addPage($id); - - return 0; - } - - /** - * Appends text to a wiki page. - */ - function appendPage($id, $text, $params) { - $currentpage = $this->rawPage($id); - if (!is_string($currentpage)) { - return $currentpage; - } - return $this->putPage($id, $currentpage.$text, $params); - } - - /** - * Uploads a file to the wiki. - * - * Michael Klier - */ - function putAttachment($id, $file, $params) { - $id = cleanID($id); - $auth = auth_quickaclcheck(getNS($id).':*'); - - if(!isset($id)) { - return new IXR_ERROR(1, 'Filename not given.'); - } - - global $conf; - - $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP()); - - // save temporary file - @unlink($ftmp); - if (preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1) { - // DEPRECATED: Double-decode file if it still looks like base64 - // after first decoding (which is done by the library) - $file = base64_decode($file); - } - io_saveFile($ftmp, $file); - - $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename'); - if (is_array($res)) { - return new IXR_ERROR(-$res[1], $res[0]); - } else { - return $res; - } - } - - /** - * Deletes a file from the wiki. - * - * @author Gina Haeussge - */ - function deleteAttachment($id){ - $id = cleanID($id); - $auth = auth_quickaclcheck(getNS($id).':*'); - $res = media_delete($id, $auth); - if ($res & DOKU_MEDIA_DELETED) { - return 0; - } elseif ($res & DOKU_MEDIA_NOT_AUTH) { - return new IXR_ERROR(1, "You don't have permissions to delete files."); - } elseif ($res & DOKU_MEDIA_INUSE) { - return new IXR_ERROR(1, 'File is still referenced'); - } else { - return new IXR_ERROR(1, 'Could not delete file'); - } - } - - /** - * Returns the permissions of a given wiki page - */ - function aclCheck($id) { - $id = cleanID($id); - return auth_quickaclcheck($id); - } - - /** - * Lists all links contained in a wiki page - * - * @author Michael Klier - */ - function listLinks($id) { - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); - } - $links = array(); - - // resolve page instructions - $ins = p_cached_instructions(wikiFN($id)); - - // instantiate new Renderer - needed for interwiki links - include(DOKU_INC.'inc/parser/xhtml.php'); - $Renderer = new Doku_Renderer_xhtml(); - $Renderer->interwiki = getInterwiki(); - - // parse parse instructions - foreach($ins as $in) { - $link = array(); - switch($in[0]) { - case 'internallink': - $link['type'] = 'local'; - $link['page'] = $in[1][0]; - $link['href'] = wl($in[1][0]); - array_push($links,$link); - break; - case 'externallink': - $link['type'] = 'extern'; - $link['page'] = $in[1][0]; - $link['href'] = $in[1][0]; - array_push($links,$link); - break; - case 'interwikilink': - $url = $Renderer->_resolveInterWiki($in[1][2],$in[1][3]); - $link['type'] = 'extern'; - $link['page'] = $url; - $link['href'] = $url; - array_push($links,$link); - break; - } - } - - return ($links); - } - - /** - * Returns a list of recent changes since give timestamp - * - * @author Michael Hamann - * @author Michael Klier - */ - function getRecentChanges($timestamp) { - if(strlen($timestamp) != 10) - return new IXR_Error(20, 'The provided value is not a valid timestamp'); - - $recents = getRecentsSince($timestamp); - - $changes = array(); - - foreach ($recents as $recent) { - $change = array(); - $change['name'] = $recent['id']; - $change['lastModified'] = new IXR_Date($recent['date']); - $change['author'] = $recent['user']; - $change['version'] = $recent['date']; - $change['perms'] = $recent['perms']; - $change['size'] = @filesize(wikiFN($recent['id'])); - array_push($changes, $change); - } - - if (!empty($changes)) { - return $changes; - } else { - // in case we still have nothing at this point - return new IXR_Error(30, 'There are no changes in the specified timeframe'); - } - } - - /** - * Returns a list of recent media changes since give timestamp - * - * @author Michael Hamann - * @author Michael Klier - */ - function getRecentMediaChanges($timestamp) { - if(strlen($timestamp) != 10) - return new IXR_Error(20, 'The provided value is not a valid timestamp'); - - $recents = getRecentsSince($timestamp, null, '', RECENTS_MEDIA_CHANGES); - - $changes = array(); - - foreach ($recents as $recent) { - $change = array(); - $change['name'] = $recent['id']; - $change['lastModified'] = new IXR_Date($recent['date']); - $change['author'] = $recent['user']; - $change['version'] = $recent['date']; - $change['perms'] = $recent['perms']; - $change['size'] = @filesize(mediaFN($recent['id'])); - array_push($changes, $change); - } - - if (!empty($changes)) { - return $changes; - } else { - // in case we still have nothing at this point - return new IXR_Error(30, 'There are no changes in the specified timeframe'); - } - } - - /** - * Returns a list of available revisions of a given wiki page - * - * @author Michael Klier - */ - function pageVersions($id, $first) { - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_READ){ - return new IXR_Error(1, 'You are not allowed to read this page'); - } - global $conf; - - $versions = array(); - - if(empty($id)) - return new IXR_Error(1, 'Empty page ID'); - - $revisions = getRevisions($id, $first, $conf['recent']+1); - - if(count($revisions)==0 && $first!=0) { - $first=0; - $revisions = getRevisions($id, $first, $conf['recent']+1); - } - - if(count($revisions)>0 && $first==0) { - array_unshift($revisions, ''); // include current revision - array_pop($revisions); // remove extra log entry - } - - $hasNext = false; - if(count($revisions)>$conf['recent']) { - $hasNext = true; - array_pop($revisions); // remove extra log entry - } - - if(!empty($revisions)) { - foreach($revisions as $rev) { - $file = wikiFN($id,$rev); - $time = @filemtime($file); - // we check if the page actually exists, if this is not the - // case this can lead to less pages being returned than - // specified via $conf['recent'] - if($time){ - $info = getRevisionInfo($id, $time, 1024); - if(!empty($info)) { - $data['user'] = $info['user']; - $data['ip'] = $info['ip']; - $data['type'] = $info['type']; - $data['sum'] = $info['sum']; - $data['modified'] = new IXR_Date($info['date']); - $data['version'] = $info['date']; - array_push($versions, $data); - } - } - } - return $versions; - } else { - return array(); - } - } - - /** - * The version of Wiki RPC API supported - */ - function wiki_RPCVersion(){ - return 2; - } - - - /** - * Locks or unlocks a given batch of pages - * - * Give an associative array with two keys: lock and unlock. Both should contain a - * list of pages to lock or unlock - * - * Returns an associative array with the keys locked, lockfail, unlocked and - * unlockfail, each containing lists of pages. - */ - function setLocks($set){ - $locked = array(); - $lockfail = array(); - $unlocked = array(); - $unlockfail = array(); - - foreach((array) $set['lock'] as $id){ - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_EDIT || checklock($id)){ - $lockfail[] = $id; - }else{ - lock($id); - $locked[] = $id; - } - } - - foreach((array) $set['unlock'] as $id){ - $id = cleanID($id); - if(auth_quickaclcheck($id) < AUTH_EDIT || !unlock($id)){ - $unlockfail[] = $id; - }else{ - $unlocked[] = $id; - } - } - - return array( - 'locked' => $locked, - 'lockfail' => $lockfail, - 'unlocked' => $unlocked, - 'unlockfail' => $unlockfail, - ); - } - - function getAPIVersion(){ - return DOKU_XMLRPC_API_VERSION; - } - - function login($user,$pass){ - global $conf; - global $auth; - if(!$conf['useacl']) return 0; - if(!$auth) return 0; - - @session_start(); // reopen session for login - if($auth->canDo('external')){ - $ok = $auth->trustExternal($user,$pass,false); - }else{ - $evdata = array( - 'user' => $user, - 'password' => $pass, - 'sticky' => false, - 'silent' => true, - ); - $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper'); - } - session_write_close(); // we're done with the session - - return $ok; - } - - } $server = new dokuwiki_xmlrpc_server(); -- cgit v1.2.3 From f95017850a515969190f54df3d57a00449245bb9 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Sun, 8 Jan 2012 18:37:59 +0100 Subject: delegate file and date transformation to remote library --- lib/exe/xmlrpc.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 9888c9a61..44b4ba7a0 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -27,6 +27,8 @@ class dokuwiki_xmlrpc_server extends IXR_Server { */ function dokuwiki_xmlrpc_server(){ $this->remote = new RemoteAPI(); + $this->remote->setDateTransformation(array($this, 'toDate')); + $this->remote->setFileTransformation(array($this, 'toFile')); $this->IXR_Server(); } @@ -47,6 +49,14 @@ class dokuwiki_xmlrpc_server extends IXR_Server { } } + function toDate($data) { + return new IXR_Date($data); + } + + function toFile($data) { + return new IXR_Base64($data); + } + } $server = new dokuwiki_xmlrpc_server(); -- cgit v1.2.3 From e61127e4af913a252fbe5c8f427501268501895c Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Sun, 8 Jan 2012 19:31:10 +0100 Subject: refactored RemoteAccessDenied to RemoteAccessDeniedException --- lib/exe/xmlrpc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 44b4ba7a0..ce9ef1484 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -37,7 +37,7 @@ class dokuwiki_xmlrpc_server extends IXR_Server { //print 'a'; $result = $this->remote->call($methodname, $args); return $result; - } catch (RemoteAccessDenied $e) { + } catch (RemoteAccessDeniedException $e) { if (!isset($_SERVER['REMOTE_USER'])) { header('HTTP/1.1 401 Unauthorized'); } else { -- cgit v1.2.3 From c51f90d7a072929e2b636e986b8ea2121bc5a630 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Tue, 24 Jan 2012 11:12:44 +0100 Subject: let js.php use multiple caches --- lib/exe/js.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index b7f2fd222..c929c9ba5 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -31,8 +31,14 @@ function js_out(){ global $lang; global $config_cascade; + if (isset($_GET['cacheKey'])) { + $cacheKey = strval($_GET['cacheKey']); + } else { + $cacheKey = ''; + } + // The generated script depends on some dynamic options - $cache = new cache('scripts'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'], + $cache = new cache('scripts'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'].$cacheKey, '.js'); // load minified version for some files -- cgit v1.2.3 From 81aca18e6e88c08386c11592dbf4650114aba04f Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 1 Feb 2012 20:07:04 +0100 Subject: removed some more occurances of DOKU_TPL* --- lib/exe/css.php | 4 ++-- lib/exe/js.php | 4 ++-- lib/exe/opensearch.php | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/css.php b/lib/exe/css.php index d54e2e46c..69b512205 100644 --- a/lib/exe/css.php +++ b/lib/exe/css.php @@ -41,8 +41,8 @@ function css_out(){ $tplinc = DOKU_INC.'lib/tpl/'.$tpl.'/'; $tpldir = DOKU_BASE.'lib/tpl/'.$tpl.'/'; }else{ - $tplinc = DOKU_TPLINC; - $tpldir = DOKU_TPL; + $tplinc = tpl_incdir(); + $tpldir = tpl_basedir(); } // The generated script depends on some dynamic options diff --git a/lib/exe/js.php b/lib/exe/js.php index b7f2fd222..963eebd5f 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -65,7 +65,7 @@ function js_out(){ # disabled for FS#1958 DOKU_INC.'lib/scripts/hotkeys.js', DOKU_INC.'lib/scripts/behaviour.js', DOKU_INC.'lib/scripts/page.js', - DOKU_TPLINC.'script.js', + tpl_incdir().'script.js', ); // add possible plugin scripts and userscript @@ -87,7 +87,7 @@ function js_out(){ // add some global variables print "var DOKU_BASE = '".DOKU_BASE."';"; - print "var DOKU_TPL = '".DOKU_TPL."';"; + print "var DOKU_TPL = '".tpl_basedir()."';"; // FIXME: Move those to JSINFO print "var DOKU_UHN = ".((int) useHeading('navigation')).";"; print "var DOKU_UHC = ".((int) useHeading('content')).";"; diff --git a/lib/exe/opensearch.php b/lib/exe/opensearch.php index 03a1632c4..73939c347 100644 --- a/lib/exe/opensearch.php +++ b/lib/exe/opensearch.php @@ -16,9 +16,9 @@ require_once(DOKU_INC.'inc/init.php'); // try to be clever about the favicon location if(file_exists(DOKU_INC.'favicon.ico')){ $ico = DOKU_URL.'favicon.ico'; -}elseif(file_exists(DOKU_TPLINC.'images/favicon.ico')){ +}elseif(file_exists(tpl_incdir().'images/favicon.ico')){ $ico = DOKU_URL.'lib/tpl/'.$conf['template'].'/images/favicon.ico'; -}elseif(file_exists(DOKU_TPLINC.'favicon.ico')){ +}elseif(file_exists(tpl_incdir().'favicon.ico')){ $ico = DOKU_URL.'lib/tpl/'.$conf['template'].'/favicon.ico'; }else{ $ico = DOKU_URL.'lib/tpl/default/images/favicon.ico'; -- cgit v1.2.3 From 2203da5b13d5062626a6ecd6b599fb42dc415a06 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 1 Feb 2012 20:35:23 +0100 Subject: increased XMLRPC API version for 1d667b4 --- lib/exe/xmlrpc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 61e6f1e95..1264ff333 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -7,7 +7,7 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); /** * Increased whenever the API is changed */ -define('DOKU_XMLRPC_API_VERSION', 6); +define('DOKU_XMLRPC_API_VERSION', 7); require_once(DOKU_INC.'inc/init.php'); session_write_close(); //close session -- cgit v1.2.3 From 750a55de568a82aaa40ca384a17a64804e94f2b9 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Sun, 5 Feb 2012 12:33:35 +0100 Subject: corrected comment --- lib/exe/xmlrpc.php | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index ce9ef1484..a48ac41b0 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -34,7 +34,6 @@ class dokuwiki_xmlrpc_server extends IXR_Server { function call($methodname, $args){ try { - //print 'a'; $result = $this->remote->call($methodname, $args); return $result; } catch (RemoteAccessDeniedException $e) { -- cgit v1.2.3 From e67004f5b686076af0dbf00cf574ac643d003cae Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Tue, 7 Feb 2012 19:41:09 +0100 Subject: trigger JS_CACHE_USE in lib/exe/js.php This removes the cachekey parameter again and instead follows @michitux's suggestion to trigger an event for the cache usage --- lib/exe/js.php | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index c929c9ba5..95ca10e87 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -31,15 +31,9 @@ function js_out(){ global $lang; global $config_cascade; - if (isset($_GET['cacheKey'])) { - $cacheKey = strval($_GET['cacheKey']); - } else { - $cacheKey = ''; - } - // The generated script depends on some dynamic options - $cache = new cache('scripts'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'].$cacheKey, - '.js'); + $cache = new cache('scripts'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'],'.js'); + $cache->_event = 'JS_CACHE_USE'; // load minified version for some files $min = $conf['compress'] ? '.min' : ''; @@ -85,8 +79,8 @@ function js_out(){ // check cache age & handle conditional request // This may exit if a cache can be used - http_cached($cache->cache, - $cache->useCache(array('files' => $cache_files))); + $cache_ok = $cache->useCache(array('files' => $cache_files)); + http_cached($cache->cache, $cache_ok); // start output buffering and build the script ob_start(); -- cgit v1.2.3 From 96946cc94d3ecb3832e2a1ce35c49743e25329e1 Mon Sep 17 00:00:00 2001 From: Dominik Eckelmann Date: Wed, 21 Mar 2012 11:25:00 +0100 Subject: replaced $HTTP_RAW_POST_DATA with http_get_raw_post_data function --- lib/exe/xmlrpc.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 93086e891..cbec90bff 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -1,9 +1,6 @@ Date: Thu, 22 Mar 2012 12:11:31 +0100 Subject: removed requires, changed conf check in xmlrpc.php --- lib/exe/xmlrpc.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index cbec90bff..cf3682f11 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -2,10 +2,9 @@ if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); require_once(DOKU_INC.'inc/init.php'); -require_once(DOKU_INC.'inc/remote.php'); session_write_close(); //close session -if(!$conf['xmlrpc']) die('XML-RPC server not enabled.'); +if(!$conf['remote']) die('XML-RPC server not enabled.'); /** * Contains needed wrapper functions and registers all available -- cgit v1.2.3 From 6c47a78cc56b2c460658675c694bd178c31a1830 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Mon, 9 Apr 2012 14:15:29 +0100 Subject: load only one stylesheet for all modes instead of three Instead of three stylesheets for 'all', 'screen' and 'print' modes, they are all loaded into a single stylesheet by wrapping all screen styles in a "@media screen {}" and all print styles in a "@media print {}". The 'all' mode is not wrapped in anything. Potential issues with existing CSS: If any of your screen or print CSS files already contain any "@media" syntax, the CSS will probably break. In that case please add any CSS with "@media" in it to the 'all' mode instead! Also, the 'rtl' mode is hereby deprecated. Please just prefix any RTL styles within your normal CSS files with "[dir=rtl]". This also fixes that RTL styles cannot be added for 'all' or 'print' modes. --- lib/exe/css.php | 125 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 76 insertions(+), 49 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/css.php b/lib/exe/css.php index 69b512205..5468376c6 100644 --- a/lib/exe/css.php +++ b/lib/exe/css.php @@ -9,6 +9,7 @@ if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); if(!defined('NOSESSION')) define('NOSESSION',true); // we do not use a session or authentication here (better caching) if(!defined('DOKU_DISABLE_GZIP_OUTPUT')) define('DOKU_DISABLE_GZIP_OUTPUT',1); // we gzip ourself here +if(!defined('NL')) define('NL',"\n"); require_once(DOKU_INC.'inc/init.php'); // Main (don't run when UNIT test) @@ -30,10 +31,12 @@ function css_out(){ global $lang; global $config_cascade; - $mediatype = 'screen'; - if (isset($_REQUEST['s']) && - in_array($_REQUEST['s'], array('all', 'print', 'feed'))) { - $mediatype = $_REQUEST['s']; + if (isset($_REQUEST['s']) && ($_REQUEST['s'] == 'feed')) { + $mediatypes = array('feed'); + $type = 'feed'; + } else { + $mediatypes = array('screen', 'all', 'print'); + $type = ''; } $tpl = trim(preg_replace('/[^\w-]+/','',$_REQUEST['t'])); @@ -46,7 +49,7 @@ function css_out(){ } // The generated script depends on some dynamic options - $cache = new cache('styles'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'].DOKU_BASE.$tplinc.$mediatype,'.css'); + $cache = new cache('styles'.$_SERVER['HTTP_HOST'].$_SERVER['SERVER_PORT'].DOKU_BASE.$tplinc.$type,'.css'); // load template styles $tplstyles = array(); @@ -57,57 +60,79 @@ function css_out(){ } } - // Array of needed files and their web locations, the latter ones - // are needed to fix relative paths in the stylesheets - $files = array(); - // load core styles - $files[DOKU_INC.'lib/styles/'.$mediatype.'.css'] = DOKU_BASE.'lib/styles/'; - // load jQuery-UI theme - $files[DOKU_INC.'lib/scripts/jquery/jquery-ui-theme/smoothness.css'] = DOKU_BASE.'lib/scripts/jquery/jquery-ui-theme/'; - // load plugin styles - $files = array_merge($files, css_pluginstyles($mediatype)); - // load template styles - if (isset($tplstyles[$mediatype])) { - $files = array_merge($files, $tplstyles[$mediatype]); - } - // if old 'default' userstyle setting exists, make it 'screen' userstyle for backwards compatibility - if (isset($config_cascade['userstyle']['default'])) { - $config_cascade['userstyle']['screen'] = $config_cascade['userstyle']['default']; - } - // load user styles - if(isset($config_cascade['userstyle'][$mediatype])){ - $files[$config_cascade['userstyle'][$mediatype]] = DOKU_BASE; - } - // load rtl styles - // @todo: this currently adds the rtl styles only to the 'screen' media type - // but 'print' and 'all' should also be supported - if ($mediatype=='screen') { - if($lang['direction'] == 'rtl'){ - if (isset($tplstyles['rtl'])) $files = array_merge($files, $tplstyles['rtl']); + // start output buffering + ob_start(); + + foreach($mediatypes as $mediatype) { + // Array of needed files and their web locations, the latter ones + // are needed to fix relative paths in the stylesheets + $files = array(); + // load core styles + $files[DOKU_INC.'lib/styles/'.$mediatype.'.css'] = DOKU_BASE.'lib/styles/'; + // load jQuery-UI theme + if ($mediatype == 'screen') { + //$files[DOKU_INC.'lib/scripts/jquery/jquery-ui-theme/smoothness.css'] = DOKU_BASE.'lib/scripts/jquery/jquery-ui-theme/'; + } + // load plugin styles + $files = array_merge($files, css_pluginstyles($mediatype)); + // load template styles + if (isset($tplstyles[$mediatype])) { + $files = array_merge($files, $tplstyles[$mediatype]); + } + // if old 'default' userstyle setting exists, make it 'screen' userstyle for backwards compatibility + if (isset($config_cascade['userstyle']['default'])) { + $config_cascade['userstyle']['screen'] = $config_cascade['userstyle']['default']; + } + // load user styles + if(isset($config_cascade['userstyle'][$mediatype])){ + $files[$config_cascade['userstyle'][$mediatype]] = DOKU_BASE; + } + // load rtl styles + // note: this adds the rtl styles only to the 'screen' media type + // @deprecated 2012-04-09: rtl will cease to be a mode of its own, + // please use "[dir=rtl]" in any css file in all, screen or print mode instead + if ($mediatype=='screen') { + if($lang['direction'] == 'rtl'){ + if (isset($tplstyles['rtl'])) $files = array_merge($files, $tplstyles['rtl']); + } } - } - $cache_files = array_merge(array_keys($files), getConfigFiles('main')); - $cache_files[] = $tplinc.'style.ini'; - $cache_files[] = __FILE__; + $cache_files = array_merge(array_keys($files), getConfigFiles('main')); + $cache_files[] = $tplinc.'style.ini'; + $cache_files[] = __FILE__; - // check cache age & handle conditional request - // This may exit if a cache can be used - http_cached($cache->cache, - $cache->useCache(array('files' => $cache_files))); + // check cache age & handle conditional request + // This may exit if a cache can be used + http_cached($cache->cache, + $cache->useCache(array('files' => $cache_files))); - // start output buffering and build the stylesheet - ob_start(); + // build the stylesheet - // print the default classes for interwiki links and file downloads - css_interwiki(); - css_filetypes(); + // print the default classes for interwiki links and file downloads + if ($mediatype == 'screen') { + css_interwiki(); + css_filetypes(); + } - // load files - foreach($files as $file => $location){ - print css_loadfile($file, $location); + // load files + $css_content = ''; + foreach($files as $file => $location){ + $css_content .= css_loadfile($file, $location); + } + switch ($mediatype) { + case 'screen': + print NL.'@media screen { /* START screen styles */'.NL.$css_content.NL.'} /* /@media END screen styles */'.NL; + break; + case 'print': + print NL.'@media print { /* START print styles */'.NL.$css_content.NL.'} /* /@media END print styles */'.NL; + break; + case 'all': + case 'feed': + default: + print NL.'/* START rest styles */ '.NL.$css_content.NL.'/* END rest styles */'.NL; + break; + } } - // end output buffering and get contents $css = ob_get_contents(); ob_end_clean(); @@ -275,6 +300,8 @@ function css_pluginstyles($mediatype='screen'){ if ($mediatype=='screen') { $list[DOKU_PLUGIN."$p/style.css"] = DOKU_BASE."lib/plugins/$p/"; } + // @deprecated 2012-04-09: rtl will cease to be a mode of its own, + // please use "[dir=rtl]" in any css file in all, screen or print mode instead if($lang['direction'] == 'rtl'){ $list[DOKU_PLUGIN."$p/rtl.css"] = DOKU_BASE."lib/plugins/$p/"; } -- cgit v1.2.3 From 3d2fd76a6a87ddf4a45c05091799c09500265307 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Mon, 9 Apr 2012 19:08:20 +0100 Subject: added accidentally removed jquery-ui styles back again --- lib/exe/css.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/css.php b/lib/exe/css.php index 5468376c6..1b2b0c86b 100644 --- a/lib/exe/css.php +++ b/lib/exe/css.php @@ -71,7 +71,7 @@ function css_out(){ $files[DOKU_INC.'lib/styles/'.$mediatype.'.css'] = DOKU_BASE.'lib/styles/'; // load jQuery-UI theme if ($mediatype == 'screen') { - //$files[DOKU_INC.'lib/scripts/jquery/jquery-ui-theme/smoothness.css'] = DOKU_BASE.'lib/scripts/jquery/jquery-ui-theme/'; + $files[DOKU_INC.'lib/scripts/jquery/jquery-ui-theme/smoothness.css'] = DOKU_BASE.'lib/scripts/jquery/jquery-ui-theme/'; } // load plugin styles $files = array_merge($files, css_pluginstyles($mediatype)); -- cgit v1.2.3 From b2a3342a5ee467dde700d5c67249400d5eb01f86 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Wed, 18 Apr 2012 14:58:27 +0200 Subject: Added more detail error code for unauthorized calls in xmlrpc interface. --- lib/exe/xmlrpc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/exe') diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index cf3682f11..5e6c197d0 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -30,10 +30,11 @@ class dokuwiki_xmlrpc_server extends IXR_Server { } catch (RemoteAccessDeniedException $e) { if (!isset($_SERVER['REMOTE_USER'])) { header('HTTP/1.1 401 Unauthorized'); + return new IXR_Error(-32603, "server error. not authorized to call method $methodname"); } else { header('HTTP/1.1 403 Forbidden'); + return new IXR_Error(-32604, "server error. forbidden to call the method $methodname"); } - return new IXR_Error(-32603, "server error. not authorized to call method $methodname"); } catch (RemoteException $e) { return new IXR_Error($e->getCode(), $e->getMessage()); } -- cgit v1.2.3 From 56ef9b96cf85ba4b1e5df37ac113143f102d3642 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 19 Apr 2012 11:23:45 +0200 Subject: some more debug output in the indexer webbug --- lib/exe/indexer.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php index 95e2af05b..738a29503 100644 --- a/lib/exe/indexer.php +++ b/lib/exe/indexer.php @@ -55,6 +55,8 @@ exit; function runTrimRecentChanges($media_changes = false) { global $conf; + echo "runTrimRecentChanges($media_changes): started".NL; + $fn = ($media_changes ? $conf['media_changelog'] : $conf['changelog']); // Trim the Recent Changes @@ -70,6 +72,7 @@ function runTrimRecentChanges($media_changes = false) { if (count($lines)<=$conf['recent']) { // nothing to trim io_unlock($fn); + echo "runTrimRecentChanges($media_changes): finished".NL; return false; } @@ -91,6 +94,7 @@ function runTrimRecentChanges($media_changes = false) { // nothing to trim @unlink($fn.'_tmp'); io_unlock($fn); + echo "runTrimRecentChanges($media_changes): finished".NL; return false; } @@ -114,10 +118,12 @@ function runTrimRecentChanges($media_changes = false) { } else { io_unlock($fn); } + echo "runTrimRecentChanges($media_changes): finished".NL; return true; } // nothing done + echo "runTrimRecentChanges($media_changes): finished".NL; return false; } @@ -160,11 +166,12 @@ function runSitemapper(){ * @author Adrian Lang */ function sendDigest() { - echo 'sendDigest(): start'.NL; + echo 'sendDigest(): started'.NL; global $ID; global $conf; if (!$conf['subscribers']) { - return; + echo 'sendDigest(): disabled'.NL; + return false; } $subscriptions = subscription_find($ID, array('style' => '(digest|list)', 'escaped' => true)); @@ -243,6 +250,8 @@ function sendDigest() { // restore current user info $USERINFO = $olduinfo; $_SERVER['REMOTE_USER'] = $olduser; + echo 'sendDigest(): finished'.NL; + return true; } /** -- cgit v1.2.3 From ca53ac989366b6c0519b74dc7152cb5e68c6bbad Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 4 May 2012 15:12:37 +0200 Subject: Correctly handle multiline strings in JS compressor See http://stackoverflow.com/questions/805107/how-to-create-multiline-strings for info on them. --- lib/exe/js.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/js.php b/lib/exe/js.php index 4b72014b2..7c54f3e2e 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -307,7 +307,10 @@ function js_compress($s){ $j += 1; } } - $result .= substr($s,$i,$j+1); + $string = substr($s,$i,$j+1); + // remove multiline markers: + $string = str_replace("\\\n",'',$string); + $result .= $string; $i = $i + $j + 1; continue; } @@ -322,7 +325,10 @@ function js_compress($s){ $j += 1; } } - $result .= substr($s,$i,$j+1); + $string = substr($s,$i,$j+1); + // remove multiline markers: + $string = str_replace("\\\n",'',$string); + $result .= $string; $i = $i + $j + 1; continue; } -- cgit v1.2.3 From bfd0f5975e6e3578b4fa0c712e9779a0861fdc72 Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Thu, 28 Jun 2012 22:04:10 -0400 Subject: Input wrapper for exe scripts --- lib/exe/css.php | 8 ++++---- lib/exe/detail.php | 4 ++-- lib/exe/fetch.php | 8 ++++---- lib/exe/indexer.php | 7 ++++--- 4 files changed, 14 insertions(+), 13 deletions(-) (limited to 'lib/exe') diff --git a/lib/exe/css.php b/lib/exe/css.php index 69b512205..5cc4ab830 100644 --- a/lib/exe/css.php +++ b/lib/exe/css.php @@ -29,14 +29,14 @@ function css_out(){ global $conf; global $lang; global $config_cascade; + global $INPUT; $mediatype = 'screen'; - if (isset($_REQUEST['s']) && - in_array($_REQUEST['s'], array('all', 'print', 'feed'))) { - $mediatype = $_REQUEST['s']; + if (in_array($INPUT->str('s'), array('all', 'print', 'feed'))) { + $mediatype = $INPUT->str('s'); } - $tpl = trim(preg_replace('/[^\w-]+/','',$_REQUEST['t'])); + $tpl = trim(preg_replace('/[^\w-]+/','',$INPUT->str('t'))); if($tpl){ $tplinc = DOKU_INC.'lib/tpl/'.$tpl.'/'; $tpldir = DOKU_BASE.'lib/tpl/'.$tpl.'/'; diff --git a/lib/exe/detail.php b/lib/exe/detail.php index 35186f5dd..ea46bc037 100644 --- a/lib/exe/detail.php +++ b/lib/exe/detail.php @@ -6,9 +6,9 @@ require_once(DOKU_INC.'inc/init.php'); session_write_close(); $IMG = getID('media'); -$ID = cleanID($_REQUEST['id']); +$ID = cleanID($INPUT->str('id')); -if($conf['allowdebug'] && $_REQUEST['debug']){ +if($conf['allowdebug'] && $INPUT->has('debug')){ print '
';
     foreach(explode(' ','basedir userewrite baseurl useslash') as $x){
         print '$'."conf['$x'] = '".$conf[$x]."';\n";
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 143d40f22..60843460e 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -17,10 +17,10 @@
 
   //get input
   $MEDIA  = stripctl(getID('media',false)); // no cleaning except control chars - maybe external
-  $CACHE  = calc_cache($_REQUEST['cache']);
-  $WIDTH  = (int) $_REQUEST['w'];
-  $HEIGHT = (int) $_REQUEST['h'];
-  $REV   = (int) @$_REQUEST['rev'];
+  $CACHE  = calc_cache($INPUT->str('cache'));
+  $WIDTH  = $INPUT->int('w');
+  $HEIGHT = $INPUT->int('h');
+  $REV    = &$INPUT->ref('rev');
   //sanitize revision
   $REV = preg_replace('/[^0-9]/','',$REV);
 
diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php
index 738a29503..e149770c0 100644
--- a/lib/exe/indexer.php
+++ b/lib/exe/indexer.php
@@ -20,10 +20,10 @@ if(!$defer){
     sendGIF(); // send gif
 }
 
-$ID = cleanID($_REQUEST['id']);
+$ID = cleanID($INPUT->str('id'));
 
 // Catch any possible output (e.g. errors)
-$output = isset($_REQUEST['debug']) && $conf['allowdebug'];
+$output = $INPUT->has('debug') && $conf['allowdebug'];
 if(!$output) ob_start();
 
 // run one of the jobs
@@ -261,7 +261,8 @@ function sendDigest() {
  * @author Harry Fuecks 
  */
 function sendGIF(){
-    if(isset($_REQUEST['debug'])){
+    global $INPUT;
+    if($INPUT->has('debug')){
         header('Content-Type: text/plain');
         return;
     }
-- 
cgit v1.2.3


From 8108113c244529ec54f11271a6a15e3d1e0a048f Mon Sep 17 00:00:00 2001
From: Tom N Harris 
Date: Thu, 28 Jun 2012 22:15:56 -0400
Subject: Input validation for media manager

---
 lib/exe/mediamanager.php | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 5f09fe1f8..83166a2f4 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -11,24 +11,23 @@
     session_write_close();  //close session
 
     // handle passed message
-    if($_REQUEST['msg1']) msg(hsc($_REQUEST['msg1']),1);
-    if($_REQUEST['err']) msg(hsc($_REQUEST['err']),-1);
+    if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1);
+    if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1);
 
 
     // get namespace to display (either direct or from deletion order)
-    if($_REQUEST['delete']){
-        $DEL = cleanID($_REQUEST['delete']);
+    if($INPUT->str('delete')){
+        $DEL = cleanID($INPUT->str('delete'));
         $IMG = $DEL;
         $NS  = getNS($DEL);
-    }elseif($_REQUEST['edit']){
-        $IMG = cleanID($_REQUEST['edit']);
+    }elseif($INPUT->str('edit')){
+        $IMG = cleanID($INPUT->str('edit'));
         $NS  = getNS($IMG);
-    }elseif($_REQUEST['img']){
-        $IMG = cleanID($_REQUEST['img']);
+    }elseif($INPUT->str('img')){
+        $IMG = cleanID($INPUT->str('img'));
         $NS  = getNS($IMG);
     }else{
-        $NS = $_REQUEST['ns'];
-        $NS = cleanID($NS);
+        $NS = cleanID($INPUT->str('ns'));
     }
 
     // check auth
@@ -76,18 +75,18 @@
     }
 
     // handle meta saving
-    if($IMG && @array_key_exists('save', $_REQUEST['do'])){
-        $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+    if($IMG && @array_key_exists('save', $INPUT->arr('do'))){
+        $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
     }
 
-    if($IMG && ($_REQUEST['mediado'] == 'save' || @array_key_exists('save', $_REQUEST['mediado']))) {
-        $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+    if($IMG && ($INPUT->str('mediado') == 'save' || @array_key_exists('save', $INPUT->arr('mediado')))) {
+        $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
     }
 
-    if ($_REQUEST['rev'] && $conf['mediarevisions']) $REV = (int) $_REQUEST['rev'];
+    if ($INPUT->int('rev') && $conf['mediarevisions']) $REV = $INPUT->int('rev');
 
-    if($_REQUEST['mediado'] == 'restore' && $conf['mediarevisions']){
-        $JUMPTO = media_restore($_REQUEST['image'], $REV, $AUTH);
+    if($INPUT->str('mediado') == 'restore' && $conf['mediarevisions']){
+        $JUMPTO = media_restore($INPUT->str('image'), $REV, $AUTH);
     }
 
     // handle deletion
@@ -101,7 +100,7 @@
             if ($res & DOKU_MEDIA_EMPTY_NS && !$fullscreen) {
                 // current namespace was removed. redirecting to root ns passing msg along
                 send_redirect(DOKU_URL.'lib/exe/mediamanager.php?msg1='.
-                        rawurlencode($msg).'&edid='.$_REQUEST['edid']);
+                        rawurlencode($msg).'&edid='.$INPUT->str('edid'));
             }
             msg($msg,1);
         } elseif ($res & DOKU_MEDIA_INUSE) {
-- 
cgit v1.2.3


From 361f1762edc347181a45a66ba541ba8f144552c0 Mon Sep 17 00:00:00 2001
From: Tom N Harris 
Date: Fri, 29 Jun 2012 00:03:16 -0400
Subject: fix necessary global declaration

---
 lib/exe/mediamanager.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/exe')

diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 83166a2f4..04dd178cc 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -10,6 +10,7 @@
     trigger_event('MEDIAMANAGER_STARTED',$tmp=array());
     session_write_close();  //close session
 
+    global $INPUT;
     // handle passed message
     if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1);
     if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1);
-- 
cgit v1.2.3


From c98f205e8a6265654072c7d3fea952552837b819 Mon Sep 17 00:00:00 2001
From: Adrian Lang 
Date: Fri, 13 Jul 2012 12:07:51 +0200
Subject: Fix HTML injection in mediaFileList (Secunia advisory SA49196)

---
 lib/exe/ajax.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 3d1584244..945091f34 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -13,7 +13,6 @@ session_write_close();
 
 header('Content-Type: text/html; charset=utf-8');
 
-
 //call the requested function
 if(isset($_POST['call'])){
     $call = $_POST['call'];
@@ -204,7 +203,7 @@ function ajax_medialist(){
     global $conf;
     global $NS;
 
-    $NS = $_POST['ns'];
+    $NS = cleanID($_POST['ns']);
     if ($_POST['do'] == 'media') {
         tpl_mediaFileList();
     } else {
-- 
cgit v1.2.3


From c8839c220c49633ea45ce5d0e4be1f411f66ad6c Mon Sep 17 00:00:00 2001
From: Anika Henke 
Date: Sat, 14 Jul 2012 12:10:08 +0100
Subject: changed all doctypes to html5 doctype

---
 lib/exe/index.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/index.html b/lib/exe/index.html
index d614603ac..977f90e10 100644
--- a/lib/exe/index.html
+++ b/lib/exe/index.html
@@ -1,6 +1,5 @@
-
-
+
+
 
 
 
-- 
cgit v1.2.3


From 3009a773c06e6e5d731c42b12ad82272f9706f03 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Sat, 28 Jul 2012 10:40:48 +0200
Subject: replaced use of basename() with utf8_basename() FS#2015

---
 lib/exe/fetch.php | 4 ++--
 lib/exe/js.php    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 60843460e..150812b55 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -122,9 +122,9 @@ function sendFile($file,$mime,$dl,$cache){
 
   //download or display?
   if($dl){
-    header('Content-Disposition: attachment; filename="'.basename($file).'";');
+    header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
   }else{
-    header('Content-Disposition: inline; filename="'.basename($file).'";');
+    header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
   }
 
   //use x-sendfile header to pass the delivery to compatible webservers
diff --git a/lib/exe/js.php b/lib/exe/js.php
index 7c54f3e2e..f84c07709 100644
--- a/lib/exe/js.php
+++ b/lib/exe/js.php
@@ -143,7 +143,7 @@ function js_load($file){
 
         // is it a include_once?
         if($match[1]){
-            $base = basename($ifile);
+            $base = utf8_basename($ifile);
             if($loaded[$base]) continue;
             $loaded[$base] = true;
         }
-- 
cgit v1.2.3


From 80a47290a7a01f2a320d09d387eea690ce1f62b4 Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Mon, 6 Aug 2012 20:34:51 +0200
Subject: do not recompress already minified js FS#2574

---
 lib/exe/js.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'lib/exe')

diff --git a/lib/exe/js.php b/lib/exe/js.php
index f84c07709..634e21207 100644
--- a/lib/exe/js.php
+++ b/lib/exe/js.php
@@ -102,8 +102,12 @@ function js_out(){
 
     // load files
     foreach($files as $file){
+        $ismin = (substr($file,-7) == '.min.js');
+
         echo "\n\n/* XXXXXXXXXX begin of ".str_replace(DOKU_INC, '', $file) ." XXXXXXXXXX */\n\n";
+        if($ismin) echo "\n/* BEGIN NOCOMPRESS */\n";
         js_load($file);
+        if($ismin) echo "\n/* END NOCOMPRESS */\n";
         echo "\n\n/* XXXXXXXXXX end of " . str_replace(DOKU_INC, '', $file) . " XXXXXXXXXX */\n\n";
     }
 
@@ -262,7 +266,18 @@ function js_compress($s){
         if($ch == '/' && $s{$i+1} == '*' && $s{$i+2} != '@'){
             $endC = strpos($s,'*/',$i+2);
             if($endC === false) trigger_error('Found invalid /*..*/ comment', E_USER_ERROR);
-            $i = $endC + 2;
+
+            // check if this is a NOCOMPRESS comment
+            if(substr($s, $i, $endC+2-$i) == '/* BEGIN NOCOMPRESS */'){
+                $endNC = strpos($s, '/* END NOCOMPRESS */', $endC+2);
+                if($endNC === false) trigger_error('Found invalid NOCOMPRESS comment', E_USER_ERROR);
+
+                // verbatim copy contents, trimming but putting it on its own line
+                $result .= "\n".trim(substr($s, $i + 22, $endNC - ($i + 22)))."\n"; // BEGIN comment = 22 chars
+                $i = $endNC + 20; // END comment = 20 chars
+            }else{
+                $i = $endC + 2;
+            }
             continue;
         }
 
-- 
cgit v1.2.3


From 64273335d1bae12b2fe7d9664e1665d6e69d47af Mon Sep 17 00:00:00 2001
From: Andreas Gohr 
Date: Fri, 24 Aug 2012 09:43:50 +0200
Subject: more $INPUT use FS#2577

---
 lib/exe/ajax.php | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 945091f34..496b2f1a1 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -162,7 +162,8 @@ function ajax_lock(){
  * @author Andreas Gohr 
  */
 function ajax_draftdel(){
-    $id = cleanID($_REQUEST['id']);
+    global $INPUT;
+    $id = cleanID($INPUT->str('id'));
     if(empty($id)) return;
 
     $client = $_SERVER['REMOTE_USER'];
@@ -218,11 +219,11 @@ function ajax_medialist(){
  * @author Kate Arzamastseva 
  */
 function ajax_mediadetails(){
-    global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf;
+    global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf, $INPUT;
     $fullscreen = true;
     require_once(DOKU_INC.'lib/exe/mediamanager.php');
 
-    if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']);
+    if ($INPUT->has('image')) $image = cleanID($INPUT->str('image'));
     if (isset($IMG)) $image = $IMG;
     if (isset($JUMPTO)) $image = $JUMPTO;
     if (isset($REV) && !$JUMPTO) $rev = $REV;
@@ -237,25 +238,26 @@ function ajax_mediadetails(){
  */
 function ajax_mediadiff(){
     global $NS;
+    global $INPUT;
 
-    if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']);
+    if ($INPUT->has('image')) $image = cleanID($INPUT->str('image'));
     $NS = $_POST['ns'];
-    $auth = auth_quickaclcheck("$ns:*");
+    $auth = auth_quickaclcheck("$NS:*");
     media_diff($image, $NS, $auth, true);
 }
 
 function ajax_mediaupload(){
-    global $NS, $MSG;
+    global $NS, $MSG, $INPUT;
 
     if ($_FILES['qqfile']['tmp_name']) {
-        $id = ((empty($_POST['mediaid'])) ? $_FILES['qqfile']['name'] : $_POST['mediaid']);
-    } elseif (isset($_GET['qqfile'])) {
-        $id = $_GET['qqfile'];
+        $id = $INPUT->post->str('mediaid', $_FILES['qqfile']['name']);
+    } elseif ($INPUT->get->has('qqfile')) {
+        $id = $INPUT->get->str('qqfile');
     }
 
     $id = cleanID($id);
 
-    $NS = $_REQUEST['ns'];
+    $NS = $INPUT->str('ns');
     $ns = $NS.':'.getNS($id);
 
     $AUTH = auth_quickaclcheck("$ns:*");
@@ -264,7 +266,7 @@ function ajax_mediaupload(){
     if ($_FILES['qqfile']['error']) unset($_FILES['qqfile']);
 
     if ($_FILES['qqfile']['tmp_name']) $res = media_upload($NS, $AUTH, $_FILES['qqfile']);
-    if (isset($_GET['qqfile'])) $res = media_upload_xhr($NS, $AUTH);
+    if ($INPUT->get->has('qqfile')) $res = media_upload_xhr($NS, $AUTH);
 
     if ($res) $result = array('success' => true,
         'link' => media_managerURL(array('ns' => $ns, 'image' => $NS.':'.$id), '&'),
-- 
cgit v1.2.3


From cd2f903b3e35c080dc9c1aa0c9f7383573dcae31 Mon Sep 17 00:00:00 2001
From: Michael Hamann 
Date: Fri, 7 Sep 2012 21:10:44 +0200
Subject: Correct and add some PHPDoc comments, initialize some variables

---
 lib/exe/indexer.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/exe')

diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php
index e149770c0..1ccede923 100644
--- a/lib/exe/indexer.php
+++ b/lib/exe/indexer.php
@@ -175,6 +175,7 @@ function sendDigest() {
     }
     $subscriptions = subscription_find($ID, array('style' => '(digest|list)',
                                                   'escaped' => true));
+    /** @var auth_basic $auth */
     global $auth;
     global $lang;
     global $conf;
-- 
cgit v1.2.3


From 356d9c9ea239fe5fe0ac5ecc2c294e768f672059 Mon Sep 17 00:00:00 2001
From: Hakan Sandell 
Date: Sat, 8 Sep 2012 15:02:28 +0200
Subject: Replacing $_REQUEST variables with $INPUT wrapper, init.php

---
 lib/exe/ajax.php | 47 +++++++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 20 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 496b2f1a1..9989269cf 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -14,10 +14,10 @@ session_write_close();
 header('Content-Type: text/html; charset=utf-8');
 
 //call the requested function
-if(isset($_POST['call'])){
-    $call = $_POST['call'];
-}else if(isset($_GET['call'])){
-    $call = $_GET['call'];
+if($INPUT->post->has('call')){
+    $call = $INPUT->post->str('call');
+}else if($INPUT->get->has('call')){
+    $call = $INPUT->get->str('call');
 }else{
     exit;
 }
@@ -43,9 +43,10 @@ if(function_exists($callfn)){
 function ajax_qsearch(){
     global $conf;
     global $lang;
+    global $INPUT;
 
-    $query = $_POST['q'];
-    if(empty($query)) $query = $_GET['q'];
+    $query = $INPUT->post->str('q');
+    if(empty($query)) $query = $INPUT->get->str('q');
     if(empty($query)) return;
 
     $query = urldecode($query);
@@ -81,9 +82,10 @@ function ajax_qsearch(){
 function ajax_suggestions() {
     global $conf;
     global $lang;
+    global $INPUT;
 
-    $query = cleanID($_POST['q']);
-    if(empty($query)) $query = cleanID($_GET['q']);
+    $query = cleanID($INPUT->post->str('q'));
+    if(empty($query)) $query = cleanID($INPUT->get->str('q'));
     if(empty($query)) return;
 
     $data = array();
@@ -121,8 +123,9 @@ function ajax_lock(){
     global $lang;
     global $ID;
     global $INFO;
+    global $INPUT;
 
-    $ID = cleanID($_POST['id']);
+    $ID = cleanID($INPUT->post->str('id'));
     if(empty($ID)) return;
 
     $INFO = pageinfo();
@@ -137,15 +140,15 @@ function ajax_lock(){
         echo 1;
     }
 
-    if($conf['usedraft'] && $_POST['wikitext']){
+    if($conf['usedraft'] && $INPUT->post->str('wikitext')){
         $client = $_SERVER['REMOTE_USER'];
         if(!$client) $client = clientIP(true);
 
         $draft = array('id'     => $ID,
-                'prefix' => substr($_POST['prefix'], 0, -1),
-                'text'   => $_POST['wikitext'],
-                'suffix' => $_POST['suffix'],
-                'date'   => (int) $_POST['date'],
+                'prefix' => substr($INPUT->post->str('prefix'), 0, -1),
+                'text'   => $INPUT->post->str('wikitext'),
+                'suffix' => $INPUT->post->str('suffix'),
+                'date'   => $INPUT->post->int('date'),
                 'client' => $client,
                 );
         $cname = getCacheName($draft['client'].$ID,'.draft');
@@ -180,9 +183,10 @@ function ajax_draftdel(){
  */
 function ajax_medians(){
     global $conf;
+    global $INPUT;
 
     // wanted namespace
-    $ns  = cleanID($_POST['ns']);
+    $ns  = cleanID($INPUT->post->str('ns'));
     $dir  = utf8_encodeFN(str_replace(':','/',$ns));
 
     $lvl = count(explode(':',$ns));
@@ -203,9 +207,10 @@ function ajax_medians(){
 function ajax_medialist(){
     global $conf;
     global $NS;
+    global $INPUT;
 
-    $NS = cleanID($_POST['ns']);
-    if ($_POST['do'] == 'media') {
+    $NS = cleanID($INPUT->post->str('ns'));
+    if ($INPUT->post->str('do') == 'media') {
         tpl_mediaFileList();
     } else {
         tpl_mediaContent(true);
@@ -241,7 +246,7 @@ function ajax_mediadiff(){
     global $INPUT;
 
     if ($INPUT->has('image')) $image = cleanID($INPUT->str('image'));
-    $NS = $_POST['ns'];
+    $NS = $INPUT->post->str('ns');
     $auth = auth_quickaclcheck("$NS:*");
     media_diff($image, $NS, $auth, true);
 }
@@ -310,9 +315,10 @@ function dir_delete($path) {
  */
 function ajax_index(){
     global $conf;
+    global $INPUT;
 
     // wanted namespace
-    $ns  = cleanID($_POST['idx']);
+    $ns  = cleanID($INPUT->post->str('idx'));
     $dir  = utf8_encodeFN(str_replace(':','/',$ns));
 
     $lvl = count(explode(':',$ns));
@@ -333,8 +339,9 @@ function ajax_index(){
 function ajax_linkwiz(){
     global $conf;
     global $lang;
+    global $INPUT;
 
-    $q  = ltrim(trim($_POST['q']),':');
+    $q  = ltrim(trim($INPUT->post->str('q')),':');
     $id = noNS($q);
     $ns = getNS($q);
 
-- 
cgit v1.2.3


From 5373d8473e7ebb71c7d2b85a36a511358343d1ac Mon Sep 17 00:00:00 2001
From: Hakan Sandell 
Date: Sat, 8 Sep 2012 15:03:03 +0200
Subject: Replacing $_REQUEST variables with $INPUT wrapper, fetch.php

---
 lib/exe/fetch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 150812b55..e8f189256 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -152,12 +152,12 @@ function sendFile($file,$mime,$dl,$cache){
  * @returns array(STATUS, STATUSMESSAGE)
  */
 function checkFileStatus(&$media, &$file, $rev='') {
-  global $MIME, $EXT, $CACHE;
+  global $MIME, $EXT, $CACHE, $INPUT;
 
   //media to local file
   if(preg_match('#^(https?)://#i',$media)){
     //check hash
-    if(substr(md5(auth_cookiesalt().$media),0,6) != $_REQUEST['hash']){
+    if(substr(md5(auth_cookiesalt().$media),0,6) != $INPUT->str('hash')){
       return array( 412, 'Precondition Failed');
     }
     //handle external images
-- 
cgit v1.2.3


From 28c7c067399b7a0c1844ca0f7d46d260b632ec08 Mon Sep 17 00:00:00 2001
From: Anika Henke 
Date: Sun, 9 Sep 2012 23:17:20 +0100
Subject: added missing DETAIL_STARTED event to lib/exe/detail.php

---
 lib/exe/detail.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/exe')

diff --git a/lib/exe/detail.php b/lib/exe/detail.php
index ea46bc037..e597db3a2 100644
--- a/lib/exe/detail.php
+++ b/lib/exe/detail.php
@@ -2,6 +2,7 @@
 if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../');
 define('DOKU_MEDIADETAIL',1);
 require_once(DOKU_INC.'inc/init.php');
+trigger_event('DETAIL_STARTED', $tmp=array());
 //close session
 session_write_close();
 
-- 
cgit v1.2.3