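/**
  * Clean up and validate the input data
  *
  * Runs only for the 'save' and 'preview' actions. Validation errors are
  * reported through msg() (HTML-escaped) and, on 'save', the action is
  * rewritten to 'edit' so nothing is written while the data is invalid.
  *
  * @param Doku_Event $event event object by reference
  * @param mixed $param [the parameters passed as fifth argument to register_hook() when this
  *                           handler was registered]
  * @return bool false if the action is neither save nor preview, true otherwise
  */
 public function handle_validation(Doku_Event $event, $param)
 {
     global $ID, $INPUT;
     $act = act_clean($event->data);
     // strict comparison: the cleaned action is a string, nothing should be coerced
     if (!in_array($act, array('save', 'preview'), true)) {
         return false;
     }
     $this->tosave = array();
     // initialise the by-reference error list so the foreach below never iterates null
     $errors = array();
     // run the validation for each assigned schema
     $valid = AccessDataValidator::validateDataForPage($INPUT->arr(self::$VAR), $ID, $errors);
     if ($valid === false) {
         $this->validated = false;
         foreach ($errors as $error) {
             // error texts may echo user input - escape before display
             msg(hsc($error), -1);
         }
     } else {
         $this->validated = true;
         $this->tosave = $valid;
     }
     // FIXME we used to set the cleaned data as new input data. this caused #140
     // could we just not do that, and keep the cleaning to saving only? and fix that bug this way?
     // did validation go through? otherwise abort saving
     if (!$this->validated && $act === 'save') {
         $event->data = 'edit';
     }
     return true;
 }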
 /**
  * Hook js script into page headers.
  *
  * Only the 'diff' action is handled: its default processing is prevented
  * and revisionsfull_html_diff() is called instead. Every other action
  * passes through untouched.
  *
  * @author Samuele Tognini <*****@*****.**>
  * @param Doku_Event $event the action event; data holds the requested action
  * @param mixed $param handler parameter, unused
  */
 public function _handle_before(Doku_Event $event, $param)
 {
     $cleanAct = act_clean($event->data);
     // nothing to do unless the diff view was requested
     if ($cleanAct == 'diff') {
         $event->preventDefault();
         revisionsfull_html_diff();
     }
 }
 /**
  * Block configured actions before the core handles them.
  *
  * When the cleaned action appears in $this->disallowed the user gets an
  * error message, $ACT falls back to 'show' and the default handling of the
  * event is prevented.
  *
  * @param Doku_Event $event the event, passed by reference
  * @param mixed $param handler parameter, unused
  */
 function before_action(&$event, $param)
 {
     global $ACT;
     $requested = act_clean($ACT);
     $isBlocked = in_array($requested, $this->disallowed);
     if (!$isBlocked) {
         return;
     }
     // the action name originates from the request - escape it before display
     msg('Command disabled: ' . htmlspecialchars($requested), -1);
     $ACT = 'show';
     $event->preventDefault();
 }
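 /**
  * Handle the click on the new table button in the toolbar
  *
  * Reads the edittable__new fields from the POST data, undoes the formText()
  * encoding and rewrites $TEXT, $ACT and the 'target' post field depending on
  * the current action.
  *
  * @param Doku_Event $event
  */
 function handle_newtable($event)
 {
     global $INPUT;
     global $TEXT;
     global $ACT;
     if (!$INPUT->post->has('edittable__new')) {
         return;
     }
     /*
      * $fields['pre']  has all data before the selection when the "Insert table" button was clicked
      * $fields['text'] has all data inside the selection when the "Insert table" button was clicked
      * $fields['suf']  has all data after the selection when the "Insert table" button was clicked
      * $TEXT has the table created by the editor (from action_plugin_edittable_editor::handle_table_post())
      */
     $fields = $INPUT->post->arr('edittable__new');
     // clean the fields (undos formText()) and update the post and request arrays.
     // The fields come straight from the request: a missing or non-string entry is
     // treated as empty instead of raising a notice or handing an array to cleanText()
     foreach (array('pre', 'text', 'suf') as $key) {
         $fields[$key] = cleanText(isset($fields[$key]) && is_string($fields[$key]) ? $fields[$key] : '');
     }
     $INPUT->post->set('edittable__new', $fields);
     $ACT = act_clean($ACT);
     switch ($ACT) {
         case 'preview':
             // preview view of a table edit
             $INPUT->post->set('target', 'table');
             break;
         case 'edit':
             // edit view of a table (first edit)
             $INPUT->post->set('target', 'table');
             $TEXT = "^  ^  ^\n";
             foreach (explode("\n", $fields['text']) as $line) {
                 $TEXT .= "| {$line} |  |\n";
             }
             break;
         case 'draftdel':
             // not sure if/how this would happen, we restore all data and hand over to section edit
             $INPUT->post->set('target', 'section');
             $TEXT = $fields['pre'] . $fields['text'] . $fields['suf'];
             $ACT = 'edit';
             break;
         case 'save':
             // return to edit page
             $INPUT->post->set('target', 'section');
             $TEXT = $fields['pre'] . $TEXT . $fields['suf'];
             $ACT = 'edit';
             break;
     }
 }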
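 /**
  * Serve the SAML service-provider metadata for the 'adfs' action.
  *
  * Writes the XML document straight to the client and terminates the
  * request; the document is declared valid for four weeks from now.
  *
  * @param Doku_Event $event
  * @param mixed $param
  */
 public function handle_request(&$event, $param)
 {
     $act = act_clean($event->data);
     if ($act !== 'adfs') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $conf;
     // gmstrftime() is deprecated since PHP 8.1; gmdate() yields the same UTC timestamp
     $valid = gmdate('Y-m-d\TH:i:s\Z', strtotime('+4 weeks'));
     $consumer = DOKU_URL . DOKU_SCRIPT;
     // everything interpolated into the XML is escaped: a URL may contain '&' or '"',
     // which breaks well-formedness inside an attribute unless encoded
     $entityId = hsc(DOKU_URL);
     $consumerUrl = hsc($consumer);
     $lang = hsc($conf['lang']);
     $title = hsc($conf['title']);
     header('Content-Type: application/samlmetadata+xml');
     header('Content-Disposition: attachment; filename="saml-metadata.xml"');
     echo '<?xml version="1.0"?>' . DOKU_LF;
     echo '<EntityDescriptor
                 xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                 entityID="' . $entityId . '"
                 validUntil="' . $valid . '">' . DOKU_LF;
     echo '  <SPSSODescriptor
                   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
                   WantAssertionsSigned="true">' . DOKU_LF;
     echo '    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>' . DOKU_LF;
     echo '    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>' . DOKU_LF;
     echo '    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>' . DOKU_LF;
     echo '    <AssertionConsumerService
                     index="1"
                     isDefault="true"
                     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     Location="' . $consumerUrl . '"/>' . DOKU_LF;
     echo '  </SPSSODescriptor>' . DOKU_LF;
     echo '  <Organization>' . DOKU_LF;
     echo '    <OrganizationName xml:lang="' . $lang . '">' . $title . '</OrganizationName>' . DOKU_LF;
     echo '    <OrganizationDisplayName xml:lang="' . $lang . '">' . $title . '</OrganizationDisplayName>' . DOKU_LF;
     echo '    <OrganizationURL xml:lang="' . $lang . '">' . $entityId . '</OrganizationURL>' . DOKU_LF;
     echo '  </Organization>' . DOKU_LF;
     echo '</EntityDescriptor>' . DOKU_LF;
     exit;
 }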
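 /**
  * Intercept all actions and check for CAPTCHA first.
  *
  * Actions that needs_checking() selects are replaced by the result of
  * abort_action() when the CAPTCHA does not verify. Logged-in users are
  * skipped unless the 'forusers' option is set.
  *
  * @param Doku_Event $event
  * @param mixed $param
  */
 public function handle_captcha_input(Doku_Event $event, $param)
 {
     $act = act_clean($event->data);
     if (!$this->needs_checking($act)) {
         return;
     }
     // do nothing if logged in user and no CAPTCHA required
     // (REMOTE_USER is absent for anonymous requests - empty() avoids a notice)
     if (!$this->getConf('forusers') && !empty($_SERVER['REMOTE_USER'])) {
         return;
     }
     // check captcha
     /** @var helper_plugin_captcha $helper */
     $helper = plugin_load('helper', 'captcha');
     // fail closed: a helper that cannot be loaded must not let the action through unchecked
     if (!$helper || !$helper->check()) {
         $event->data = $this->abort_action($act);
     }
 }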
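 /**
  * Point the post-save redirect at the edited paragraph.
  *
  * After 'save' or 'draftdel' on a page that has a '.translate' meta file,
  * the redirect fragment is set to '_par' followed by getParID().
  *
  * @param Doku_Event $event redirect event; data holds 'id', 'preact' and 'fragment'
  * @param mixed $param
  */
 public function handle_action_show_redirect(Doku_Event &$event, $param)
 {
     // 'preact' may be absent from the event data - fall back to an empty action
     $act = isset($event->data['preact']) ? $event->data['preact'] : '';
     if ($act != 'dokutranslate_review') {
         $act = act_clean($act);
     }
     // no @-suppression: file_exists() does not warn for missing files, and hiding
     // other errors would only obscure a broken metadata path
     if (($act == 'save' || $act == 'draftdel') && file_exists(metaFN($event->data['id'], '.translate'))) {
         $event->data['fragment'] = '_par' . getParID();
     }
 }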
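/**
 * Call the needed action handlers
 *
 * Sanitises $ACT, lets plugins preprocess it (ACTION_ACT_PREPROCESS), runs
 * the core handling for the action and finally sends the headers and
 * includes the main template. State-changing actions ('save', 'revert') are
 * only executed when the security token checks out, and permissions are
 * checked before and after the handling because the action may change on
 * the way.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @triggers ACTION_ACT_PREPROCESS
 * @triggers ACTION_HEADERS_SEND
 */
function act_dispatch()
{
    global $INFO;
    global $ACT;
    global $ID;
    global $QUERY;
    global $lang;
    global $conf;
    global $license;
    $preact = $ACT;
    // give plugins an opportunity to process the action
    $evt = new Doku_Event('ACTION_ACT_PREPROCESS', $ACT);
    if ($evt->advise_before()) {
        //sanitize $ACT
        $ACT = act_clean($ACT);
        //check if searchword was given - else just show
        $s = cleanID($QUERY);
        if ($ACT == 'search' && empty($s)) {
            $ACT = 'show';
        }
        //login stuff
        if (in_array($ACT, array('login', 'logout'), true)) {
            $ACT = act_auth($ACT);
        }
        //check if user is asking to (un)subscribe a page
        if ($ACT == 'subscribe') {
            try {
                $ACT = act_subscription($ACT);
            } catch (Exception $e) {
                msg($e->getMessage(), -1);
            }
        }
        //check permissions
        $ACT = act_permcheck($ACT);
        //register - 'save' is only posted when the form was submitted, empty() avoids a notice
        if ($ACT == 'register' && !empty($_POST['save']) && register()) {
            $ACT = 'login';
        }
        if ($ACT == 'resendpwd' && act_resendpwd()) {
            $ACT = 'login';
        }
        //update user profile - REMOTE_USER is absent for anonymous requests
        if ($ACT == 'profile') {
            if (empty($_SERVER['REMOTE_USER'])) {
                $ACT = 'login';
            } else {
                if (updateprofile()) {
                    msg($lang['profchanged'], 1);
                    $ACT = 'show';
                }
            }
        }
        //revert - only with a valid security token (CSRF protection)
        if ($ACT == 'revert') {
            if (checkSecurityToken()) {
                $ACT = act_revert($ACT);
            } else {
                $ACT = 'show';
            }
        }
        //save - only with a valid security token (CSRF protection)
        if ($ACT == 'save') {
            if (checkSecurityToken()) {
                $ACT = act_save($ACT);
            } else {
                $ACT = 'show';
            }
        }
        //cancel conflicting edit
        if ($ACT == 'cancel') {
            $ACT = 'show';
        }
        //draft deletion
        if ($ACT == 'draftdel') {
            $ACT = act_draftdel($ACT);
        }
        //draft saving on preview
        if ($ACT == 'preview') {
            $ACT = act_draftsave($ACT);
        }
        //edit
        if (($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']) {
            $ACT = act_edit($ACT);
        } else {
            unlock($ID);
            //try to unlock
        }
        //handle export
        if (substr($ACT, 0, 7) == 'export_') {
            $ACT = act_export($ACT);
        }
        //display some infos
        if ($ACT == 'check') {
            check();
            $ACT = 'show';
        }
        //handle admin tasks
        if ($ACT == 'admin') {
            // retrieve admin plugin name from $_REQUEST['page']; only a name that is
            // present in the installed admin plugin list is ever passed to plugin_load()
            if (!empty($_REQUEST['page'])) {
                $pluginlist = plugin_list('admin');
                if (in_array($_REQUEST['page'], $pluginlist, true)) {
                    // attempt to load the plugin (plain assignment: objects are handles,
                    // and assigning a non-reference return by reference only raises a notice)
                    if (($plugin = plugin_load('admin', $_REQUEST['page'])) !== null) {
                        $plugin->handle();
                    }
                }
            }
        }
        // check permissions again - the action may have changed
        $ACT = act_permcheck($ACT);
    }
    // end event ACTION_ACT_PREPROCESS default action
    $evt->advise_after();
    unset($evt);
    // when action 'show', the intial not 'show' and POST, do a redirect
    if ($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
        act_redirect($ID, $preact);
    }
    //call template FIXME: all needed vars available?
    $headers = array('Content-Type: text/html; charset=utf-8');
    trigger_event('ACTION_HEADERS_SEND', $headers, 'act_sendheaders');
    include template('main.php');
    // output for the commands is now handled in inc/templates.php
    // in function tpl_content()
}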
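 /**
  * catch standard logins/logouts
  *
  * Writes one log line for a logout, a successful (temporary or permanent)
  * login and a failed login attempt. This handler passes only fixed strings
  * to _log(), so the submitted user name and password never reach the log
  * through it.
  *
  * @param Doku_Event $event
  * @param mixed $param data passed to the event handler
  */
 public function handle_before(Doku_Event $event, $param)
 {
     $act = act_clean($event->data);
     // REMOTE_USER is absent for anonymous requests - empty() avoids a notice
     $loggedIn = !empty($_SERVER['REMOTE_USER']);
     if ($act == 'logout') {
         $this->_log('logged off');
     } elseif ($loggedIn && $act == 'login') {
         // 'r' presumably is the "remember me" flag of the login form - confirm against the template
         if (isset($_REQUEST['r'])) {
             $this->_log('logged in permanently');
         } else {
             $this->_log('logged in temporarily');
         }
     } elseif (!$loggedIn && !empty($_REQUEST['u']) && !empty($_REQUEST['http_credentials'])) {
         // credentials were submitted but nobody ended up logged in
         $this->_log('failed login attempt');
     }
 }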
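/**
 * Sanitize and validate action commands.
 *
 * Add all allowed commands here.
 *
 * The returned command is always one of the listed commands or an
 * 'export_*' command; anything else is reported to the user and mapped
 * to 'show' (or 'edit' when a non-existent draft is requested).
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param mixed $act the raw action as given in the request, passed through act_clean() first
 * @return string the cleaned and validated action
 */
function act_validate($act)
{
    global $conf;
    global $INFO;
    // commands that only make sense with ACLs switched on
    $aclCommands = array(
        'login', 'logout', 'register', 'admin', 'subscribe', 'unsubscribe', 'profile', 'revert', 'resendpwd',
    );
    // allowlist of built-in commands; export_* is checked separately below
    $knownCommands = array(
        'login', 'logout', 'register', 'save', 'cancel', 'edit', 'draft', 'preview', 'search', 'show',
        'check', 'index', 'revisions', 'diff', 'recent', 'backlink', 'admin', 'subscribe', 'revert',
        'unsubscribe', 'profile', 'resendpwd', 'recover', 'draftdel', 'sitemap', 'media',
    );
    $act = act_clean($act);
    // check if action is disabled
    if (!actionOK($act)) {
        // the command is echoed back to the user - escape it
        msg('Command disabled: ' . htmlspecialchars($act), -1);
        return 'show';
    }
    //disable all acl related commands if ACL is disabled
    if (!$conf['useacl'] && in_array($act, $aclCommands, true)) {
        msg('Command unavailable: ' . htmlspecialchars($act), -1);
        return 'show';
    }
    //is there really a draft?
    // $INFO['draft'] may be unset - empty() avoids a notice, and file_exists('') is false anyway
    if ($act == 'draft' && (empty($INFO['draft']) || !file_exists($INFO['draft']))) {
        return 'edit';
    }
    if (!in_array($act, $knownCommands, true) && substr($act, 0, 7) != 'export_') {
        msg('Command unknown: ' . htmlspecialchars($act), -1);
        return 'show';
    }
    return $act;
}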