luxick/luxtools-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix token issue when saving scratchpad

Browse Source
This commit is contained in:
luxick
2026-01-09 09:44:08 +01:00
parent 6328523624
commit a704640ebc
2 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
script.js
View File

@@ -294,10 +294,26 @@
el.textContent = msg || ''; el.textContent = msg || '';
} }
function getSectok() { function getSectok(root) {
// Prefer a token embedded with the rendered scratchpad.
try {
if (root && root.getAttribute) {
var t = String(root.getAttribute('data-sectok') || '').trim();
if (t) return t;
}
} catch (e) {}
// Fall back to DokuWiki's global JSINFO.
try { try {
if (window.JSINFO && window.JSINFO.sectok) return String(window.JSINFO.sectok); if (window.JSINFO && window.JSINFO.sectok) return String(window.JSINFO.sectok);
} catch (e) {} } catch (e) {}
// Last resort: find any security token input on the page.
try {
var inp = document.querySelector('input[name="sectok"], input[name="securitytoken"]');
if (inp && inp.value) return String(inp.value);
} catch (e2) {}
return ''; return '';
} }
@@ -333,7 +349,7 @@
params.set('pad', pad); params.set('pad', pad);
params.set('id', pageId); params.set('id', pageId);
params.set('text', text || ''); params.set('text', text || '');
params.set('sectok', getSectok()); params.set('sectok', getSectok(root));
return window.fetch(endpoint, { return window.fetch(endpoint, {
method: 'POST', method: 'POST',

6
syntax/scratchpad.php
View File

@@ -114,6 +114,11 @@ class syntax_plugin_luxtools_scratchpad extends SyntaxPlugin
/** @var Doku_Renderer_xhtml $renderer */ /** @var Doku_Renderer_xhtml $renderer */
$endpoint = DOKU_BASE . 'lib/plugins/luxtools/scratchpad.php'; $endpoint = DOKU_BASE . 'lib/plugins/luxtools/scratchpad.php';
$sectok = '';
if (function_exists('getSecurityToken')) {
$sectok = (string)getSecurityToken();
}
global $ID; global $ID;
$pageId = (string)$ID; $pageId = (string)$ID;
$canEdit = function_exists('auth_quickaclcheck') ? (auth_quickaclcheck($pageId) >= AUTH_EDIT) : false; $canEdit = function_exists('auth_quickaclcheck') ? (auth_quickaclcheck($pageId) >= AUTH_EDIT) : false;
@@ -123,6 +128,7 @@ class syntax_plugin_luxtools_scratchpad extends SyntaxPlugin
. ' data-endpoint="' . hsc($endpoint) . '"' . ' data-endpoint="' . hsc($endpoint) . '"'
. ' data-pad="' . hsc($rawPad) . '"' . ' data-pad="' . hsc($rawPad) . '"'
. ' data-pageid="' . hsc($pageId) . '"' . ' data-pageid="' . hsc($pageId) . '"'
. ' data-sectok="' . hsc($sectok) . '"'
. '>'; . '>';
$renderer->doc .= '<div class="luxtools-scratchpad-bar">'; $renderer->doc .= '<div class="luxtools-scratchpad-bar">';