From 8265594d98708c1c993489099402d9ee27d2a289 Mon Sep 17 00:00:00 2001
From: Gerrit Uitslag
Date: Mon, 14 Oct 2013 15:55:16 +0200
Subject: move ajax.php to action.php. Fixes FS#2233
---
lib/plugins/acl/action.php | 92 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 lib/plugins/acl/action.php
(limited to 'lib/plugins/acl/action.php')
diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php
new file mode 100644
index 000000000..92a93865c
--- /dev/null
+++ b/lib/plugins/acl/action.php
@@ -0,0 +1,92 @@
+
+ */
+
+// must be run within Dokuwiki
+if(!defined('DOKU_INC')) die();
+
+/**
+ * Register handler
+ */
+class action_plugin_acl extends DokuWiki_Action_Plugin {
+
+ /**
+ * Registers a callback function for a given event
+ *
+ * @param Doku_Event_Handler $controller DokuWiki's event controller object
+ * @return void
+ */
+ public function register(Doku_Event_Handler &$controller) {
+
+ $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax_call_acl');
+
+ }
+
+ /**
+ * AJAX call handler for ACL plugin
+ *
+ * @param Doku_Event $event event object by reference
+ * @param mixed $param empty
+ * @return void
+ */
+
+ public function handle_ajax_call_acl(Doku_Event &$event, $param) {
+ if ($event->data !== 'plugin_acl') {
+ return;
+ }
+ $event->stopPropagation();
+ $event->preventDefault();
+
+
+ //close session
+ session_write_close();
+
+ global $conf;
+ global $ID;
+ global $INPUT;
+
+ //fix for Opera XMLHttpRequests
+ $postData = http_get_raw_post_data();
+ if(!count($_POST) && !empty($postData)){
+ parse_str($postData, $_POST);
+ }
+
+ if(!auth_isadmin()) die('for admins only');
+ if(!checkSecurityToken()) die('CRSF Attack');
+
+ $ID = getID();
+
+ /** @var $acl admin_plugin_acl */
+ $acl = plugin_load('admin','acl');
+ $acl->handle();
+
+ $ajax = $INPUT->str('ajax');
+ header('Content-Type: text/html; charset=utf-8');
+
+ if($ajax == 'info'){
+ $acl->_html_info();
+ }elseif($ajax == 'tree'){
+
+ $dir = $conf['datadir'];
+ $ns = $INPUT->str('ns');
+ if($ns == '*'){
+ $ns ='';
+ }
+ $ns = cleanID($ns);
+ $lvl = count(explode(':',$ns));
+ $ns = utf8_encodeFN(str_replace(':','/',$ns));
+
+ $data = $acl->_get_tree($ns,$ns);
+
+ foreach(array_keys($data) as $item){
+ $data[$item]['level'] = $lvl+1;
+ }
+ echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'),
+ array($acl, '_html_li_acl'));
+ }
+ }
+}
\ No newline at end of file
-- cgit v1.2.3
From d4e2226677c742531e589ebd2b45fdd4553322ad Mon Sep 17 00:00:00 2001
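Review bot: The two rejection paths in `handle_ajax_call_acl` end the request with `die('for admins only')` and `die('CRSF Attack')` without setting a status, so as far as this hunk shows a refused call is answered like a served one, and the second message misspells CSRF. Sending a 403 first, e.g. `header('HTTP/1.0 403 Forbidden');` ahead of each `die()`, lets the calling script and access-log monitoring tell a denied ACL request from a successful one; the text should read `'CSRF Attack'`. The same misspelled string is carried unchanged into the later "acl ajax: add messages to returns" hunk. Separately, the result of `plugin_load('admin','acl')` is dereferenced at `$acl->handle()` with no check that a component came back; if that call can return null, a guard such as `if(!$acl) return;` avoids a fatal error after the access checks have passed.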
From: Gerrit Uitslag Date: Mon, 14 Oct 2013 15:56:52 +0200 Subject: remove unused variable --- lib/plugins/acl/action.php | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/plugins/acl/action.php') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 92a93865c..373d6cbb0 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -71,7 +71,6 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { $acl->_html_info(); }elseif($ajax == 'tree'){ - $dir = $conf['datadir']; $ns = $INPUT->str('ns'); if($ns == '*'){ $ns =''; -- cgit v1.2.3 From 219fe1dcb7250b332a77278fd31f20e5da10846c Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:00:45 +0200 Subject: Code reformatting and remove unused global conf --- lib/plugins/acl/action.php | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'lib/plugins/acl/action.php') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 373d6cbb0..01842250e 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php 
@@ -30,62 +30,62 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { * AJAX call handler for ACL plugin * * @param Doku_Event $event event object by reference - * @param mixed $param empty + * @param mixed $param empty * @return void */ public function handle_ajax_call_acl(Doku_Event &$event, $param) { - if ($event->data !== 'plugin_acl') { + if($event->data !== 'plugin_acl') { return; } $event->stopPropagation(); $event->preventDefault(); - //close session session_write_close(); - global $conf; global $ID; global $INPUT; //fix for Opera XMLHttpRequests $postData = http_get_raw_post_data(); - if(!count($_POST) && !empty($postData)){ + if(!count($_POST) && !empty($postData)) { parse_str($postData, $_POST); } if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); - $ID = getID(); + $ID = getID(); /** @var $acl admin_plugin_acl */ - $acl = plugin_load('admin','acl'); + $acl = plugin_load('admin', 'acl'); $acl->handle(); $ajax = $INPUT->str('ajax'); header('Content-Type: text/html; charset=utf-8'); - if($ajax == 'info'){ + if($ajax == 'info') { $acl->_html_info(); - }elseif($ajax == 'tree'){ + } elseif($ajax == 'tree') { - $ns = $INPUT->str('ns'); - if($ns == '*'){ - $ns =''; + $ns = $INPUT->str('ns'); + if($ns == '*') { + $ns = ''; } - $ns = cleanID($ns); - $lvl = count(explode(':',$ns)); - $ns = utf8_encodeFN(str_replace(':','/',$ns)); + $ns = cleanID($ns); + $lvl = count(explode(':', $ns)); + $ns = utf8_encodeFN(str_replace(':', '/', $ns)); - $data = $acl->_get_tree($ns,$ns); + $data = $acl->_get_tree($ns, $ns); - foreach(array_keys($data) as $item){ - $data[$item]['level'] = $lvl+1; + foreach(array_keys($data) as $item) { + $data[$item]['level'] = $lvl + 1; } - echo html_buildlist($data, 'acl', array($acl, '_html_list_acl'), - array($acl, '_html_li_acl')); + echo html_buildlist( + $data, 'acl', array($acl, '_html_list_acl'), + array($acl, '_html_li_acl') + ); } } } \ No newline at end of file -- cgit v1.2.3 
From 07be12a51cc4c7850e57b25c6c1bd86ca0004a00 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:04:31 +0200 Subject: acl ajax: replace die() by return --- lib/plugins/acl/action.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/acl/action.php') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 01842250e..bac518fcd 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -53,8 +53,8 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { parse_str($postData, $_POST); } - if(!auth_isadmin()) die('for admins only'); - if(!checkSecurityToken()) die('CRSF Attack'); + if(!auth_isadmin()) return; + if(!checkSecurityToken()) return; $ID = getID(); -- cgit v1.2.3 From 00dd0e7e7ab5bc29658e4be85336841af70b6b97 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 14 Oct 2013 16:12:01 +0200 Subject: acl ajax: add messages to returns --- lib/plugins/acl/action.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib/plugins/acl/action.php') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index bac518fcd..6111aca42 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -53,8 +53,14 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { parse_str($postData, $_POST); } - if(!auth_isadmin()) return; - if(!checkSecurityToken()) return; + if(!auth_isadmin()) { + echo 'for admins only'; + return; + } + if(!checkSecurityToken()) { + echo 'CRSF Attack'; + return; + } $ID = getID(); -- cgit v1.2.3 From 4d13d89c45c088d6070c4e2da6d5b702f13c77ab Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 20 Oct 2013 21:52:19 +0200 Subject: remove obsolete opera handling and session closing --- lib/plugins/acl/action.php | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'lib/plugins/acl/action.php') 
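Review bot: Replacing `die()` with `return` in the `auth_isadmin()` and `checkSecurityToken()` guards turns a hard stop into an ordinary return, so whatever the AJAX dispatcher does after the `AJAX_CALL_UNKNOWN` handlers finish now also runs for rejected callers. That code is not on this page, so confirm it emits nothing further once `preventDefault()` has been called. The guards still sit ahead of `$acl->handle()`, which is what keeps the ACL code unreachable for those callers, and a comment such as `// access checks: nothing below may run for non-admins or without a valid security token` above the first guard would keep that ordering from being lost in a later edit. The follow-up hunk on this line ("acl ajax: add messages to returns") keeps the same return-based guards, and the body of `handle_ajax_call_acl` begins and ends outside both hunks.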
diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 6111aca42..5e186fb61 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -41,18 +41,9 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { $event->stopPropagation(); $event->preventDefault(); - //close session - session_write_close(); - global $ID; global $INPUT; - //fix for Opera XMLHttpRequests - $postData = http_get_raw_post_data(); - if(!count($_POST) && !empty($postData)) { - parse_str($postData, $_POST); - } - if(!auth_isadmin()) { echo 'for admins only'; return; @@ -94,4 +85,4 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { ); } } -} \ No newline at end of file +} -- cgit v1.2.3 From e82704a003f35c4e6b6b94746e9c408b22d7d229 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Mon, 28 Oct 2013 20:04:59 +0100 Subject: fixed strict violation in ACL plugin --- lib/plugins/acl/action.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/acl/action.php') diff --git a/lib/plugins/acl/action.php b/lib/plugins/acl/action.php index 5e186fb61..a7226f598 100644 --- a/lib/plugins/acl/action.php +++ b/lib/plugins/acl/action.php @@ -20,7 +20,7 @@ class action_plugin_acl extends DokuWiki_Action_Plugin { * @param Doku_Event_Handler $controller DokuWiki's event controller object * @return void */ - public function register(Doku_Event_Handler &$controller) { + public function register(Doku_Event_Handler $controller) { $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handle_ajax_call_acl'); -- cgit v1.2.3