luxick/luxtools-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
23a50ce4f675d945004311116086180b4a61957d
luxtools-plugin/admin/main.php
luxick 23a50ce4f6 Access control for file serving 
Authenticated user only for now
2026-01-09 10:32:15 +01:00

255 lines
9.1 KiB
PHP
Raw Blame History

<?php
/**
* luxtools: Admin settings page
*/
// must be run within Dokuwiki
if (!defined('DOKU_INC')) die();
class admin_plugin_luxtools_main extends DokuWiki_Admin_Plugin
{
/** @var string[] */
protected $configKeys = [
'access_allow',
'paths',
'scratchpad_paths',
'allow_in_comments',
'defaults',
'extensions',
'thumb_placeholder',
'gallery_thumb_scale',
'open_service_url',
];
public function getMenuText($language)
{
return $this->getLang('menu');
}
public function getMenuSort()
{
// keep near other plugin tools
return 1011;
}
public function forAdminOnly()
{
return true;
}
public function handle()
{
global $INPUT;
if ($INPUT->str('luxtools_cmd') !== 'save') return;
if (!checkSecurityToken()) {
msg($this->getLang('err_security'), -1);
return;
}
$newConf = [];
$accessAllow = $INPUT->str('access_allow');
$accessAllow = str_replace(["\r\n", "\r"], "\n", $accessAllow);
$newConf['access_allow'] = $accessAllow;
// Normalize newlines to "\n" for consistent parsing
$paths = $INPUT->str('paths');
$paths = str_replace(["\r\n", "\r"], "\n", $paths);
$newConf['paths'] = $paths;
$scratchpadPaths = $INPUT->str('scratchpad_paths');
$scratchpadPaths = str_replace(["\r\n", "\r"], "\n", $scratchpadPaths);
$newConf['scratchpad_paths'] = $scratchpadPaths;
$newConf['allow_in_comments'] = (int)$INPUT->bool('allow_in_comments');
$newConf['defaults'] = $INPUT->str('defaults');
$newConf['extensions'] = $INPUT->str('extensions');
$newConf['thumb_placeholder'] = $INPUT->str('thumb_placeholder');
$newConf['gallery_thumb_scale'] = $INPUT->str('gallery_thumb_scale');
$newConf['open_service_url'] = $INPUT->str('open_service_url');
if ($this->savePluginLocalConf($newConf)) {
msg($this->getLang('saved'), 1);
} else {
msg($this->getLang('err_save'), -1);
}
}
public function html()
{
global $ID;
echo '<div class="plugin_luxtools_admin">';
echo '<h1>' . hsc($this->getLang('settings')) . '</h1>';
echo '<form action="' . hsc(wl($ID)) . '" method="post" class="plugin_luxtools_admin_form">';
echo '<input type="hidden" name="do" value="admin" />';
echo '<input type="hidden" name="page" value="luxtools_main" />';
echo '<input type="hidden" name="id" value="' . hsc($ID) . '" />';
echo '<input type="hidden" name="luxtools_cmd" value="save" />';
echo formSecurityToken();
echo '<fieldset>';
echo '<legend>' . hsc($this->getLang('legend')) . '</legend>';
// access_allow: multiline (users/groups)
$accessAllow = (string)$this->getConf('access_allow');
echo '<label class="block"><span>' . hsc($this->getLang('access_allow')) . '</span><br />';
echo '<textarea name="access_allow" rows="3" cols="80" class="edit">' . hsc($accessAllow) . '</textarea>';
echo '</label><br />';
// paths: multiline textarea
$paths = (string)$this->getConf('paths');
echo '<label class="block"><span>' . hsc($this->getLang('paths')) . '</span><br />';
echo '<textarea name="paths" rows="8" cols="80" class="edit">' . hsc($paths) . '</textarea>';
echo '</label><br />';
// scratchpad_paths: multiline textarea
$scratchpadPaths = (string)$this->getConf('scratchpad_paths');
echo '<label class="block"><span>' . hsc($this->getLang('scratchpad_paths')) . '</span><br />';
echo '<textarea name="scratchpad_paths" rows="6" cols="80" class="edit">' . hsc($scratchpadPaths) . '</textarea>';
echo '</label><br />';
// allow_in_comments
$checked = $this->getConf('allow_in_comments') ? ' checked="checked"' : '';
echo '<label class="block"><span>' . hsc($this->getLang('allow_in_comments')) . '</span> ';
echo '<input type="checkbox" name="allow_in_comments" value="1"' . $checked . ' />';
echo '</label><br />';
// defaults
echo '<label class="block"><span>' . hsc($this->getLang('defaults')) . '</span> ';
echo '<input type="text" class="edit" name="defaults" value="' . hsc((string)$this->getConf('defaults')) . '" />';
echo '</label><br />';
// extensions
echo '<label class="block"><span>' . hsc($this->getLang('extensions')) . '</span> ';
echo '<input type="text" class="edit" name="extensions" value="' . hsc((string)$this->getConf('extensions')) . '" />';
echo '</label><br />';
// thumb_placeholder
echo '<label class="block"><span>' . hsc($this->getLang('thumb_placeholder')) . '</span> ';
echo '<input type="text" class="edit" name="thumb_placeholder" value="' . hsc((string)$this->getConf('thumb_placeholder')) . '" />';
echo '</label><br />';
// gallery_thumb_scale
echo '<label class="block"><span>' . hsc($this->getLang('gallery_thumb_scale')) . '</span> ';
echo '<input type="text" class="edit" name="gallery_thumb_scale" value="' . hsc((string)$this->getConf('gallery_thumb_scale')) . '" />';
echo '</label><br />';
// open_service_url
echo '<label class="block"><span>' . hsc($this->getLang('open_service_url')) . '</span> ';
echo '<input type="text" class="edit" name="open_service_url" value="' . hsc((string)$this->getConf('open_service_url')) . '" />';
echo '</label><br />';
echo '<button type="submit" class="button">' . hsc($this->getLang('btn_save')) . '</button>';
echo '</fieldset>';
echo '</form>';
echo '</div>';
}
/**
* Persist plugin settings to conf/local.php.
*
* DokuWiki loads conf/local.php on each request; values written there will
* be available via getConf(). We write into a dedicated BEGIN/END block so
* updates are idempotent.
*
* @param array $newConf
* @return bool
*/
protected function savePluginLocalConf(array $newConf)
{
if (!defined('DOKU_CONF')) return false;
$plugin = 'luxtools';
$file = DOKU_CONF . 'local.php';
$existing = '';
if (@is_file($file) && @is_readable($file)) {
$existing = (string)file_get_contents($file);
}
if ($existing === '') {
$existing = "<?php\n";
}
if (!str_starts_with($existing, "<?php")) {
// unexpected format - do not overwrite
return false;
}
$begin = "// BEGIN LUXTOOLS\n";
$end = "// END LUXTOOLS\n";
// Build the block
$lines = [$begin];
foreach ($this->configKeys as $key) {
if (!array_key_exists($key, $newConf)) continue;
$value = $newConf[$key];
$lines[] = '$conf[\'plugin\'][\'' . $plugin . '\'][' . var_export($key, true) . '] = ' . $this->exportPhpValue($value, $key) . ';';
}
$lines[] = $end;
$block = implode("\n", $lines);
// Replace or append the block in conf/local.php
$beginPos = strpos($existing, $begin);
if ($beginPos !== false) {
$endPos = strpos($existing, $end, $beginPos);
if ($endPos === false) {
// malformed existing block - append a new one
$content = rtrim($existing) . "\n\n" . $block;
} else {
$endPos += strlen($end);
$content = substr($existing, 0, $beginPos) . $block . substr($existing, $endPos);
}
} else {
$content = rtrim($existing) . "\n\n" . $block;
}
$ok = false;
if (function_exists('io_saveFile')) {
$ok = (bool)io_saveFile($file, $content);
} else {
$ok = @file_put_contents($file, $content, LOCK_EX) !== false;
}
// Best-effort cleanup: stop creating/using legacy conf/plugins/luxtools.local.php
$legacy = DOKU_CONF . 'plugins/' . $plugin . '.local.php';
if (@is_file($legacy)) {
@unlink($legacy);
}
return $ok;
}
/**
* Export a value to PHP code.
*
* We use nowdoc for multiline strings to safely preserve newlines.
*
* @param mixed $value
* @param string $key
* @return string
*/
protected function exportPhpValue($value, string $key): string
{
if (is_bool($value) || is_int($value) || is_float($value) || $value === null) {
return var_export($value, true);
}
$value = (string)$value;
if (str_contains($value, "\n") || str_contains($value, "\r")) {
$marker = strtoupper('LUXTOOLS_' . preg_replace('/[^A-Z0-9_]/i', '_', $key) . '_EOT');
// Extremely unlikely, but avoid delimiter collision.
while (str_contains($value, $marker)) {
$marker .= '_X';
}
return "<<<'$marker'\n" . $value . "\n$marker";
}
return var_export($value, true);
}
}
Reference in New Issue View Git Blame Copy Permalink