blob: 50156dcaf48a5980d71cb0030b54e0ec5bbeca36 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
<?php
use dokuwiki\Extension\ActionPlugin;
use dokuwiki\Extension\Event;
use dokuwiki\Extension\EventHandler;
use dokuwiki\plugin\extension\Extension;
use dokuwiki\plugin\extension\GuiExtension;
/** DokuWiki Plugin extension (Action Component)
*
* @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
* @author Andreas Gohr <andi@splitbrain.org>
*/
class action_plugin_extension extends ActionPlugin
{
/**
* Registers a callback function for a given event
*
* @param EventHandler $controller DokuWiki's event controller object
* @return void
*/
public function register(EventHandler $controller)
{
$controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjaxToggle');
}
/**
* Toggle an extension via AJAX
*
* Returns the new HTML for the extension
*
* @param Event $event
* @param $param
*/
public function handleAjaxToggle(Event $event, $param)
{
global $INPUT;
if ($event->data != 'plugin_extension') return;
$event->preventDefault();
$event->stopPropagation();
/** @var admin_plugin_extension $admin */
$admin = plugin_load('admin', 'extension');
if (!$admin->isAccessibleByCurrentUser()) {
http_status(403);
echo 'Forbidden';
exit;
}
$ext = $INPUT->str('ext');
if (!$ext) {
http_status(400);
echo 'no extension given';
return;
}
if (getSecurityToken() != $INPUT->str('sectok')) {
http_status(403);
echo 'Security Token did not match. Possible CSRF attack.';
return;
}
try {
$extension = Extension::createFromId($ext);
$extension->toggle();
} catch (Exception $e) {
http_status(500);
echo $e->getMessage();
return;
}
header('Content-Type: text/html; charset=utf-8');
echo (new GuiExtension($extension))->render();
}
}
|
