do various checks before editing and saving

ACLs, CSRF, page locking
Andreas Gohr
2016-08-01 16:59:54 +02:00
parent 4731b875bb
commit cdd09a9619
2 changed files with 54 additions and 21 deletions


@ -64,43 +64,55 @@ class action_plugin_struct_inline extends DokuWiki_Action_Plugin {
echo $e->getMessage();
}
}
if(substr($event->data,$len) == 'cancel') {
$this->inline_cancel();
}
}
/**
* Creates the inline editor
*/
protected function inline_editor() {
// silently fail when editing not possible
if(!$this->initFromInput()) return;
if(auth_quickaclcheck($this->pid) < AUTH_EDIT) return;
if(checklock($this->pid)) return;
// lock page
lock($this->pid);
// FIXME check read permission
// FIXME lock page
// output the editor
$value = $this->schemadata->getDataColumn($this->column);
echo '<div>';
echo $value->getValueEditor('entry');
echo '</div>';
$hint = $this->column->getType()->getTranslatedHint();
if($hint) {
echo '<div class="hint">';
echo hsc($hint);
echo '</div>';
}
// csrf protection
formSecurityToken();
}
/**
* Save the data posted by the inline editor
*/
protected function inline_save() {
global $INPUT;
if(!$this->initFromInput()) {
if (
!$this->initFromInput() || // initialize
getSecurityToken() != $INPUT->str('sectoc') || // csrf check
auth_quickaclcheck($this->pid) < AUTH_EDIT || // edit permissions
checklock($this->pid) // page is locked
) {
throw new StructException('inline save error');
}
// FIXME
// FIXME handle CSRF protection
// FIXME check write permission
// FIXME make sure page still locked
// validate
$value = $INPUT->param('entry');
$validator = new Validator();
@ -118,16 +130,26 @@ class action_plugin_struct_inline extends DokuWiki_Action_Plugin {
$helper = plugin_load('helper', 'struct');
$helper->saveData($this->pid, $tosave, 'inline edit');
// unlock
unlock($this->pid);
// reinit then render
$this->initFromInput();
$value = $this->schemadata->getDataColumn($this->column);
$R = new Doku_Renderer_xhtml();
$value->render($R, 'xhtml'); // FIXME use configured default renderer
echo $R->doc;
}
/**
* Unlock a page (on cancel action)
*/
protected function inline_cancel() {
global $INPUT;
$pid = $INPUT->str('pid');
unlock($pid);
}
/**
* Initialize internal state based on input variables
*
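Review bot: The CSRF guard in inline_save reads the token from a parameter named `sectoc` (`getSecurityToken() != $INPUT->str('sectoc')`), while the hidden field that `formSecurityToken()` emits in inline_editor is, in DokuWiki core, named `sectok` — the same name core's `checkSecurityToken()` reads — so a client that posts the editor form as-is fails the check, and because the mismatch fails closed the typo is easy to miss. Prefer the core helper, which also handles the no-logged-in-user case (if I recall correctly it compares against `$INPUT->str('sectok')`): replace that condition with `!checkSecurityToken() || // csrf check`; if a manual comparison is kept, use `!==` or `hash_equals()` rather than loose `!=`. The ACL and lock conditions (`auth_quickaclcheck($this->pid) < AUTH_EDIT`, `checklock($this->pid)`) are now duplicated between inline_editor and inline_save; a small private `canEdit()` helper would keep the two paths in step when a check is added later. Both method docblocks should also state the failure contract: inline_editor returns silently (no editor markup, no lock taken) on ACL or lock failure, inline_save throws `StructException` on init, token, ACL or lock failure; note that inline_cancel unlocks a caller-supplied `pid` with no token check and relies on `unlock()` only releasing the requester's own lock, which is worth a one-line comment.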


@ -232,6 +232,9 @@ jQuery(function () {
});
});
/**
* Confirm Schema Deletion
*/
jQuery('a.deleteSchema').click(function (event) {
var schema = jQuery(this).closest('tr').find('td:nth-child(2)').text();
var page = jQuery(this).closest('tr').find('td:nth-child(1)').text();
@ -241,8 +244,14 @@ jQuery(function () {
}
});
/**
* Inline Editor
*
* @todo move to separate file
*/
jQuery('div.structaggregation table td').dblclick(function (e) {
e.preventDefault();
var $self = jQuery(this);
var pid = $self.parent().data('pid');
var field = $self.parents('table').find('tr th').eq($self.index()).data('field');
@ -261,7 +270,6 @@ jQuery(function () {
$form.append('<input type="hidden" name="call" value="plugin_struct_inline_save">');
$form.append(jQuery('<div class="ctl">').append($save).append($cancel));
/**
* load the editor
*/
@ -291,7 +299,6 @@ jQuery(function () {
}
);
/**
* Save the data, then close the form
*/
@ -319,14 +326,18 @@ jQuery(function () {
* Close the editor without saving
*/
$cancel.click(function (e) {
// FIXME unlock page
// unlock page
jQuery.post(
DOKU_BASE + 'lib/exe/ajax.php',
{
call: 'plugin_struct_inline_cancel',
pid: pid
}
);
e.preventDefault();
$div.remove();
});
});
});
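Review bot: The cancel handler's POST to `plugin_struct_inline_cancel` sends only `call` and `pid`, with no security token, so unlike the save path it can be triggered by any cross-site request; impact is limited if the server-side `unlock()` only releases the requester's own lock, but the token is already inside the editor markup (inline_editor echoes `formSecurityToken()` into the div), so pass it along: `sectok: $div.find('input[name=sectok]').val()` as a third property of the request object. The request is also fire-and-forget — `$div.remove()` runs whether or not the unlock succeeds — which is acceptable for a best-effort unlock, but a short comment such as `// best-effort: the lock expires on its own if this request fails` would make that intent explicit. The enclosing `jQuery(function () { ... })` block and the `dblclick` handler start before the last hunk.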