diff --git a/script.js b/script.js index 7f20156..bf24f36 100644 --- a/script.js +++ b/script.js @@ -294,10 +294,26 @@ el.textContent = msg || ''; } - function getSectok() { + function getSectok(root) { + // Prefer a token embedded with the rendered scratchpad. + try { + if (root && root.getAttribute) { + var t = String(root.getAttribute('data-sectok') || '').trim(); + if (t) return t; + } + } catch (e) {} + + // Fall back to DokuWiki's global JSINFO. try { if (window.JSINFO && window.JSINFO.sectok) return String(window.JSINFO.sectok); } catch (e) {} + + // Last resort: find any security token input on the page. + try { + var inp = document.querySelector('input[name="sectok"], input[name="securitytoken"]'); + if (inp && inp.value) return String(inp.value); + } catch (e2) {} + return ''; } @@ -333,7 +349,7 @@ params.set('pad', pad); params.set('id', pageId); params.set('text', text || ''); - params.set('sectok', getSectok()); + params.set('sectok', getSectok(root)); return window.fetch(endpoint, { method: 'POST', diff --git a/syntax/scratchpad.php b/syntax/scratchpad.php index 1566728..f2499a7 100644 --- a/syntax/scratchpad.php +++ b/syntax/scratchpad.php @@ -114,6 +114,11 @@ class syntax_plugin_luxtools_scratchpad extends SyntaxPlugin /** @var Doku_Renderer_xhtml $renderer */ $endpoint = DOKU_BASE . 'lib/plugins/luxtools/scratchpad.php'; + $sectok = ''; + if (function_exists('getSecurityToken')) { + $sectok = (string)getSecurityToken(); + } + global $ID; $pageId = (string)$ID; $canEdit = function_exists('auth_quickaclcheck') ? (auth_quickaclcheck($pageId) >= AUTH_EDIT) : false; @@ -123,6 +128,7 @@ class syntax_plugin_luxtools_scratchpad extends SyntaxPlugin . ' data-endpoint="' . hsc($endpoint) . '"' . ' data-pad="' . hsc($rawPad) . '"' . ' data-pageid="' . hsc($pageId) . '"' + . ' data-sectok="' . hsc($sectok) . '"' . '>'; $renderer->doc .= '
';