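/**
 * Clean up and validate the input data
 *
 * Runs the schema validation on the submitted data for the current page
 * and keeps the cleaned result in $this->tosave. Validation errors are
 * reported through msg(); on a save request the action is rewritten to
 * 'edit' so that invalid data never reaches the save handler.
 *
 * @param Doku_Event $event event object by reference
 * @param mixed $param [the parameters passed as fifth argument to register_hook() when this
 *                     handler was registered]
 * @return bool false when the action is neither 'save' nor 'preview', true otherwise
 */
public function handle_validation(Doku_Event $event, $param) {
    global $ID, $INPUT;

    $act = act_clean($event->data);
    // strict comparison: the cleaned action is a string, nothing else is ours
    if (!in_array($act, array('save', 'preview'), true)) {
        return false;
    }

    $this->tosave = array();
    // initialised up front so the validator always receives a defined variable
    $errors = array();

    // run the validation for each assigned schema
    $valid = AccessDataValidator::validateDataForPage($INPUT->arr(self::$VAR), $ID, $errors);
    if ($valid === false) {
        $this->validated = false;
        foreach ($errors as $error) {
            // error text may contain user input, escape before display
            msg(hsc($error), -1);
        }
    } else {
        $this->validated = true;
        $this->tosave = $valid;
    }

    // FIXME we used to set the cleaned data as new input data. this caused #140
    // could we just not do that, and keep the cleaning to saving only? and fix that bug this way?

    // did validation go through? otherwise abort saving
    if (!$this->validated && $act === 'save') {
        $event->data = 'edit';
    }

    return true;
}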
/**
 * Replace the core 'diff' action with the plugin's own diff rendering.
 *
 * Any other action is left to the default handling; for 'diff' the
 * default is prevented and revisionsfull_html_diff() renders the view.
 *
 * @author Samuele Tognini <*****@*****.**>
 * @param Doku_Event $event ACTION_ACT_PREPROCESS event, data holds the action
 * @param mixed      $param unused
 */
public function _handle_before(Doku_Event $event, $param) {
    $cleaned = act_clean($event->data);
    if ($cleaned != 'diff') {
        return;
    }

    $event->preventDefault();
    revisionsfull_html_diff();
}
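/**
 * Block configured actions before they are executed.
 *
 * If the sanitized current action is on the plugin's disallowed list the
 * user is told the command is disabled, the action is reset to 'show' and
 * the default handling of the event is prevented.
 *
 * @param Doku_Event $event ACTION_ACT_PREPROCESS event
 * @param mixed      $param unused
 */
function before_action(&$event, $param) {
    global $ACT;

    $act = act_clean($ACT);
    // strict comparison; $this->disallowed is presumably a list of action name strings
    if (!in_array($act, $this->disallowed, true)) {
        return;
    }

    // the action name is user controlled, escape it before echoing it back
    msg('Command disabled: ' . htmlspecialchars($act), -1);
    $ACT = 'show';
    $event->preventDefault();
}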
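/**
 * Handle the click on the new table button in the toolbar
 *
 * Reads the edittable__new form fields, cleans them and, depending on the
 * current action, either switches to the table editor or reassembles the
 * section text around the table so the section editor can continue.
 *
 * @param Doku_Event $event
 */
function handle_newtable($event) {
    global $INPUT;
    global $TEXT;
    global $ACT;

    if (!$INPUT->post->has('edittable__new')) {
        return;
    }

    /*
     * $fields['pre'] has all data before the selection when the "Insert table" button was clicked
     * $fields['text'] has all data inside the selection when the "Insert table" button was clicked
     * $fields['suf'] has all data after the selection when the "Insert table" button was clicked
     * $TEXT has the table created by the editor (from action_plugin_edittable_editor::handle_table_post())
     */
    $fields = $INPUT->post->arr('edittable__new');

    // clean the fields (undos formText()) and update the post and request arrays;
    // a field missing from the (user controlled) post data is treated as empty
    foreach (array('pre', 'text', 'suf') as $key) {
        $fields[$key] = cleanText(isset($fields[$key]) ? $fields[$key] : '');
    }
    $INPUT->post->set('edittable__new', $fields);

    $ACT = act_clean($ACT);
    switch ($ACT) {
        case 'preview':
            // preview view of a table edit
            $INPUT->post->set('target', 'table');
            break;
        case 'edit':
            // edit view of a table (first edit): one row per selected line
            $INPUT->post->set('target', 'table');
            $TEXT = "^ ^ ^\n";
            foreach (explode("\n", $fields['text']) as $line) {
                $TEXT .= "| {$line} | |\n";
            }
            break;
        case 'draftdel':
            // not sure if/how this would happen, we restore all data and hand over to section edit
            $INPUT->post->set('target', 'section');
            $TEXT = $fields['pre'] . $fields['text'] . $fields['suf'];
            $ACT = 'edit';
            break;
        case 'save':
            // return to edit page with the new table spliced into the section
            $INPUT->post->set('target', 'section');
            $TEXT = $fields['pre'] . $TEXT . $fields['suf'];
            $ACT = 'edit';
            break;
    }
}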
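/**
 * Serve the SAML service-provider metadata document for this wiki.
 *
 * Answers the 'adfs' action with an SPSSODescriptor pointing the identity
 * provider at this installation's assertion consumer URL, valid for four
 * weeks from now. Every value interpolated into the XML is escaped so that
 * a title, language code or URL containing '&', '<' or quotes cannot break
 * the document.
 *
 * @param Doku_Event $event
 * @param mixed $param
 */
public function handle_request(&$event, $param) {
    $act = act_clean($event->data);
    if ($act != 'adfs') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    global $conf;

    // gmstrftime() is deprecated since PHP 8.1; gmdate() yields the same UTC timestamp
    $valid = gmdate('Y-m-d\TH:i:s\Z', strtotime('+4 weeks'));
    $consumer = DOKU_URL . DOKU_SCRIPT;

    // escape once for attribute and element context (hsc() is presumed to escape quotes as well)
    $entityId = hsc(DOKU_URL);
    $consumerUrl = hsc($consumer);
    $lang = hsc($conf['lang']);
    $title = hsc($conf['title']);

    header('Content-Type: application/samlmetadata+xml');
    header('Content-Disposition: attachment; filename="saml-metadata.xml"');

    echo '<?xml version="1.0"?>' . DOKU_LF;
    echo '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="' . $entityId . '" validUntil="' . $valid . '">' . DOKU_LF;
    echo ' <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">' . DOKU_LF;
    echo ' <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>' . DOKU_LF;
    echo ' <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>' . DOKU_LF;
    echo ' <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>' . DOKU_LF;
    echo ' <AssertionConsumerService index="1" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="' . $consumerUrl . '"/>' . DOKU_LF;
    echo ' </SPSSODescriptor>' . DOKU_LF;
    echo ' <Organization>' . DOKU_LF;
    echo ' <OrganizationName xml:lang="' . $lang . '">' . $title . '</OrganizationName>' . DOKU_LF;
    echo ' <OrganizationDisplayName xml:lang="' . $lang . '">' . $title . '</OrganizationDisplayName>' . DOKU_LF;
    echo ' <OrganizationURL xml:lang="' . $lang . '">' . $entityId . '</OrganizationURL>' . DOKU_LF;
    echo ' </Organization>' . DOKU_LF;
    echo '</EntityDescriptor>' . DOKU_LF;
    exit;
}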
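/**
 * Intercept all actions and check for CAPTCHA first.
 *
 * For every action the plugin is configured to protect, the submitted
 * CAPTCHA answer is verified before the action runs; on failure (or when
 * the helper cannot be loaded) the action is replaced by the plugin's
 * abort action. Logged-in users are exempt unless 'forusers' is set.
 *
 * @param Doku_Event $event ACTION_ACT_PREPROCESS event, data holds the action
 * @param mixed      $param unused
 */
public function handle_captcha_input(Doku_Event $event, $param) {
    $act = act_clean($event->data);
    if (!$this->needs_checking($act)) {
        return;
    }

    // do nothing if logged in user and no CAPTCHA required
    // (isset-safe: REMOTE_USER is absent for anonymous requests)
    if (!$this->getConf('forusers') && !empty($_SERVER['REMOTE_USER'])) {
        return;
    }

    // check captcha; fail closed when the helper is unavailable instead of
    // crashing on a null object
    /** @var helper_plugin_captcha $helper */
    $helper = plugin_load('helper', 'captcha');
    if ($helper === null || !$helper->check()) {
        $event->data = $this->abort_action($act);
    }
}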
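/**
 * Keep the user on the edited paragraph after a translated page is saved.
 *
 * When a save or draft deletion on a page that has a '.translate' meta
 * file redirects to 'show', the redirect fragment is set to the paragraph
 * id so the browser jumps back to the paragraph that was edited.
 *
 * @param Doku_Event $event ACTION_SHOW_REDIRECT event; data holds id, preact and fragment
 * @param mixed      $param unused
 */
public function handle_action_show_redirect(Doku_Event &$event, $param) {
    $act = $event->data['preact'];
    // the plugin's own review action is not a core action and must survive act_clean()
    if ($act != 'dokutranslate_review') {
        $act = act_clean($act);
    }

    if ($act !== 'save' && $act !== 'draftdel') {
        return;
    }

    // no '@' suppression: file_exists() does not warn on a missing file,
    // and silencing it would also hide genuine configuration problems
    if (file_exists(metaFN($event->data['id'], '.translate'))) {
        $event->data['fragment'] = '_par' . getParID();
    }
}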
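/**
 * Call the needed action handlers
 *
 * Dispatches the current request action ($ACT): plugins may override it in
 * ACTION_ACT_PREPROCESS, otherwise the action is sanitized, permission
 * checked, executed by the matching act_* helper and finally rendered
 * through the template. The state changing actions 'save' and 'revert'
 * fall back to 'show' when the security token does not verify.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @triggers ACTION_ACT_PREPROCESS
 * @triggers ACTION_HEADERS_SEND
 */
function act_dispatch() {
    global $INFO;
    global $ACT;
    global $ID;
    global $QUERY;
    global $lang;
    global $conf;
    global $license;

    $preact = $ACT;

    // give plugins an opportunity to process the action
    $evt = new Doku_Event('ACTION_ACT_PREPROCESS', $ACT);
    if ($evt->advise_before()) {
        //sanitize $ACT
        $ACT = act_clean($ACT);

        //check if searchword was given - else just show
        $s = cleanID($QUERY);
        if ($ACT == 'search' && empty($s)) {
            $ACT = 'show';
        }

        //login stuff
        if (in_array($ACT, array('login', 'logout'), true)) {
            $ACT = act_auth($ACT);
        }

        //check if user is asking to (un)subscribe a page
        if ($ACT == 'subscribe') {
            try {
                $ACT = act_subscription($ACT);
            } catch (Exception $e) {
                msg($e->getMessage(), -1);
            }
        }

        //check permissions
        $ACT = act_permcheck($ACT);

        //register (isset-safe: 'save' is only posted by the registration form)
        if ($ACT == 'register' && !empty($_POST['save']) && register()) {
            $ACT = 'login';
        }

        if ($ACT == 'resendpwd' && act_resendpwd()) {
            $ACT = 'login';
        }

        //update user profile - requires an authenticated user
        if ($ACT == 'profile') {
            if (empty($_SERVER['REMOTE_USER'])) {
                $ACT = 'login';
            } elseif (updateprofile()) {
                msg($lang['profchanged'], 1);
                $ACT = 'show';
            }
        }

        //revert - only with a valid security token (CSRF protection)
        if ($ACT == 'revert') {
            $ACT = checkSecurityToken() ? act_revert($ACT) : 'show';
        }

        //save - only with a valid security token (CSRF protection)
        if ($ACT == 'save') {
            $ACT = checkSecurityToken() ? act_save($ACT) : 'show';
        }

        //cancel conflicting edit
        if ($ACT == 'cancel') {
            $ACT = 'show';
        }

        //draft deletion
        if ($ACT == 'draftdel') {
            $ACT = act_draftdel($ACT);
        }

        //draft saving on preview
        if ($ACT == 'preview') {
            $ACT = act_draftsave($ACT);
        }

        //edit
        if (($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']) {
            $ACT = act_edit($ACT);
        } else {
            unlock($ID); //try to unlock
        }

        //handle export
        if (substr($ACT, 0, 7) == 'export_') {
            $ACT = act_export($ACT);
        }

        //display some infos
        if ($ACT == 'check') {
            check();
            $ACT = 'show';
        }

        //handle admin tasks
        if ($ACT == 'admin') {
            // retrieve admin plugin name from $_REQUEST['page'];
            // only names returned by plugin_list() are ever passed to plugin_load()
            if (!empty($_REQUEST['page'])) {
                $pluginlist = plugin_list('admin');
                if (in_array($_REQUEST['page'], $pluginlist, true)) {
                    // attempt to load the plugin (no '=&' - a function result cannot be assigned by reference)
                    $plugin = plugin_load('admin', $_REQUEST['page']);
                    if ($plugin !== null) {
                        $plugin->handle();
                    }
                }
            }
        }

        // check permissions again - the action may have changed
        $ACT = act_permcheck($ACT);
    } // end event ACTION_ACT_PREPROCESS default action
    $evt->advise_after();
    unset($evt);

    // when action 'show', the intial not 'show' and POST, do a redirect
    if ($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
        act_redirect($ID, $preact);
    }

    //call template FIXME: all needed vars available?
    $headers = array('Content-Type: text/html; charset=utf-8');
    trigger_event('ACTION_HEADERS_SEND', $headers, 'act_sendheaders');

    include template('main.php');
    // output for the commands is now handled in inc/templates.php
    // in function tpl_content()
}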
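/**
 * catch standard logins/logouts
 *
 * Writes an audit line for a logout, for a successful login (permanent
 * when the 'r' request flag - presumably "remember me" - was sent) and for
 * a failed login attempt submitted with credentials. Only fixed messages
 * are logged; the submitted credentials themselves are never written out.
 *
 * @param Doku_Event $event
 * @param mixed $param data passed to the event handler
 */
public function handle_before(Doku_Event $event, $param) {
    $act = act_clean($event->data);
    // isset-safe: REMOTE_USER is absent for anonymous requests
    $loggedIn = !empty($_SERVER['REMOTE_USER']);

    if ($act == 'logout') {
        $this->_log('logged off');
    } elseif ($loggedIn && $act == 'login') {
        if (isset($_REQUEST['r'])) {
            $this->_log('logged in permanently');
        } else {
            $this->_log('logged in temporarily');
        }
    } elseif (!$loggedIn && !empty($_REQUEST['u']) && !empty($_REQUEST['http_credentials'])) {
        // credentials were submitted but no user got authenticated
        $this->_log('failed login attempt');
    }
}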
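/**
 * Sanitize and validate action commands.
 *
 * Add all allowed commands here.
 *
 * Returns the cleaned action when it is enabled, available and on the
 * whitelist; otherwise reports the problem via msg() and falls back to
 * 'show'. A 'draft' action without an existing draft file becomes 'edit'.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param string $act raw action from the request
 * @return string the action to execute
 */
function act_validate($act) {
    global $conf;
    global $INFO;

    $act = act_clean($act);

    // check if action is disabled
    if (!actionOK($act)) {
        // user controlled value, escape before echoing it back
        msg('Command disabled: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    //disable all acl related commands if ACL is disabled
    $aclActions = array(
        'login', 'logout', 'register', 'admin', 'subscribe',
        'unsubscribe', 'profile', 'revert', 'resendpwd',
    );
    if (!$conf['useacl'] && in_array($act, $aclActions, true)) {
        msg('Command unavailable: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    //is there really a draft? (isset-safe when no draft info was collected)
    if ($act == 'draft' && (!isset($INFO['draft']) || !file_exists($INFO['draft']))) {
        return 'edit';
    }

    // whitelist of known actions; export_* is handled by act_export()
    $knownActions = array(
        'login', 'logout', 'register', 'save', 'cancel', 'edit', 'draft',
        'preview', 'search', 'show', 'check', 'index', 'revisions', 'diff',
        'recent', 'backlink', 'admin', 'subscribe', 'revert', 'unsubscribe',
        'profile', 'resendpwd', 'recover', 'draftdel', 'sitemap', 'media',
    );
    if (!in_array($act, $knownActions, true) && substr($act, 0, 7) != 'export_') {
        msg('Command unknown: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    return $act;
}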