<?php
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Include-only file. If the requested script name contains this file's own name, the file was
// requested directly: redirect to index.php and stop before anything below is defined.
if (false !== strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__))) {
	header('location: index.php');
	die;
}
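/**
 * Handle the special actions ('remove' and 'upload') of the smarty_function_attachments smarty plugin.
 *
 * Works only for wiki attachments so far.
 *
 * @param array $params Action parameters keyed by name. Keys read here: 'remove' (its value is used
 *                      as the file ID to delete), 'upload', 'page', 'fileId' and 'comment'.
 * @return bool false when the wiki attachments feature is disabled, or when an upload is requested
 *              without a 'page' or 'fileId'; true otherwise. true does not mean an action succeeded:
 *              refused or failed actions are only reported through Feedback.
 */
function s_f_attachments_actionshandler($params)
{
	global $prefs, $user, $tikilib;

	if ($prefs['feature_wiki_attachments'] != 'y') {
		return false;
	}

	/*** Works only for wiki attachments yet ***/
	if (! empty($params['upload']) && empty($params['fileId']) && empty($params['page'])) {
		return false; ///FIXME
	}

	// Object permissions are resolved only when a page is named; without them the upload branch
	// below is skipped.
	if (! empty($params['page'])) {
		require_once("lib/wiki/renderlib.php");
		// NOTE(review): $info is used without checking that the page was found - confirm what
		// get_page_info() returns for an unknown page name.
		$info =& $tikilib->get_page_info($params['page']);
		$pageRenderer = new WikiRenderer($info, $user, $info['data']);
		$objectperms = $pageRenderer->applyPermissions();
	}

	$filegallib = TikiLib::lib('filegal');
	$access = TikiLib::lib('access');

	foreach ($params as $k => $v) {
		// Keys are compared strictly. With a switch (loose comparison) an integer key 0 equals a
		// non-numeric case label on PHP < 8 and would be dispatched to the destructive 'remove' case.
		if ($k === 'remove') {
			/* FIXME
				check_ticket('index');
				$owner = $wikilib->get_attachment_owner($_REQUEST['removeattach']);
				if ( ($user && ($owner == $user) ) || $objectperms->wiki_admin_attachments ) {
					$access->check_authenticity();
					$wikilib->remove_wiki_attachment($_REQUEST['removeattach']);
				}
				$pageRenderer->setShowAttachments( 'y' );
			*/
			// NOTE(review): the owner / wiki_admin_attachments check above is commented out and
			// $objectperms is not consulted in this branch. Only the CSRF confirmation is enforced
			// here, and the file ID is passed on as received, so authorization rests entirely on
			// actionHandler('removeFile') - confirm it checks the caller's rights on that file and
			// that the file belongs to an attachments gallery.
			if ($access->checkCsrfForm(tr('Delete file?'))) {
				$result = $filegallib->actionHandler('removeFile', [ 'fileId' => $v ]);
				if ($result && $result->numrows()) {
					Feedback::success(tr('File (ID %0) removed', $v));
				} else {
					Feedback::error(tr('File (ID %0) not removed', $v));
				}
			}
		} elseif ($k === 'upload') {
			// Uploading requires resolved page permissions: wiki_admin_attachments or wiki_attach_files.
			if (isset($objectperms) && ( $objectperms->wiki_admin_attachments || $objectperms->wiki_attach_files )) {
				/* check_ticket('index'); */

				$smarty = TikiLib::lib('smarty');
				$smarty->loadPlugin('smarty_function_query');

				// NOTE(review): this lookup runs before the CSRF check and is called with a third
				// argument of true; if that argument makes it create the gallery, a state change
				// happens ahead of the check - confirm.
				$galleryId = $filegallib->get_attachment_gallery($params['page'], 'wiki page', true);
				if ($access->checkCsrf()) {
					// 'comment' is optional: read it only when present so a missing key does not
					// raise an undefined-index notice. The value passed on is unchanged (null).
					$comment = isset($params['comment']) ? $params['comment'] : null;

					// The return URL drops this plugin's own request arguments and the ticket.
					$returnUrl = smarty_function_query(
						[
							'_type' => 'absolute_path',
							's_f_attachments-upload' => 'NULL',
							's_f_attachments-page' => 'NULL',
							's_f_attachments-comment' => 'NULL',
							'ticket' => 'NULL',
						],
						$smarty
					);

					$result = $filegallib->actionHandler(
						'uploadFile',
						[
							'galleryId' => [$galleryId],
							'comment' => [$comment],
							'returnUrl' => $returnUrl,
						]
					);
					if ($result) {
						Feedback::success(tr('File uploaded'));
					} else {
						Feedback::error(tr('File not uploaded'));
					}
				}
			}
		}
	}

	return true;
}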
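/**
 * smarty_function_attachments: Display the list of files attached to a wiki page (when stored in a file gallery)
 *
 * params will be used as smarty params for fgal_attachments.tpl, except special params starting with '_' :
 *   _id : id of the object (for a wiki page, use its name)
 *   _type : type of the object ( e.g. "wiki page" - see objectTypes in lib/setup/sections.php )
 *
 * @param array $params   Plugin parameters; '_id' and '_type' are required.
 * @param mixed $template Not used in this function.
 * @return string|null The rendered fgal_attachments.tpl output wrapped in newlines; a translated
 *                     error message when '_id' or '_type' is missing; a remarksbox error when the
 *                     attachment gallery ID does not resolve to a gallery; null when the wiki
 *                     attachments feature is disabled.
 */
function smarty_function_attachments($params, $template)
{
	if (! is_array($params) || ! isset($params['_id']) || ! isset($params['_type'])) {
		return tra('Missing _id or _type params');
	}

	global $prefs, $page;
	$filegallib = TikiLib::lib('filegal');
	$smarty = TikiLib::lib('smarty');
	/*** For the moment, only wiki attachments are handled through file galleries ***/
	if ($prefs['feature_wiki_attachments'] != 'y') {
		return;
	}

	$galleryId = $filegallib->get_attachment_gallery($params['_id'], $params['_type']);

	/*** If anything in this function is changed, please change lib/wiki-plugins/wikiplugin_attach.php as well. ***/
	/* but wikiplugin_attach doesn't seem to work at all with file gals attachments??? jonnyb tiki12 */

	if (empty($galleryId)) {			// no gallery for this page yet, is no problem (12.0+)
		$gal_info = $filegallib->default_file_gallery();
		$gal_info['name'] = $page . ' *';	// temp name with * - not displayed in most configs
	} elseif (! $gal_info = $filegallib->get_file_gallery($galleryId)) {
		$smarty->loadPlugin('smarty_block_remarksbox');
		$repeat = false;
		return smarty_block_remarksbox(
			['type' => 'errors', 'title' => tra('Wrong attachments gallery')],
			tra('You are attempting to display a gallery that is not a valid attachment gallery') . ' (ID=' . $galleryId . ')',
			$smarty,
			$repeat
		) . "\n";
	}

////	if ( $this->showAttachments !== false )
////		$this->smartyassign('atts_show', $this->showAttachments);

	// Drop the special '_'-prefixed params so they are not handed to the template.
	foreach ($params as $k => $v) {
		// Cast before testing the prefix: an integer key or an empty-string key has no offset 0,
		// and reading $k[0] on those raises a notice/warning.
		if (strncmp((string) $k, '_', 1) === 0) {
			unset($params[ $k ]);
		}
	}

	// Get URL params specific to this smarty function that should be assigned in smarty
	$url_override_prefix = 's_f_attachments';
	$url_overrided_arguments = [ 'sort_mode', 'remove', 'galleryId', 'comment', 'upload', 'page' ];
	$smarty->set_request_overriders($url_override_prefix, $url_overrided_arguments);

	// The sort mode comes straight from the request. Only a string is accepted; anything else
	// (e.g. an array sent as sort_mode[]) is treated as "no sort mode".
	// NOTE(review): the string itself is passed on unchanged to get_files() - confirm that
	// get_files() validates it before it is used to build a query.
	$params['sort_mode'] = ( isset($_REQUEST[ $url_override_prefix . '-sort_mode' ]) && is_string($_REQUEST[ $url_override_prefix . '-sort_mode' ]) )
		? $_REQUEST[ $url_override_prefix . '-sort_mode' ]
		: '';

	// Get listing display config
	// The included file runs in this function's scope, so the local variable names used here are
	// kept as they are.
	// NOTE(review): include_once executes the file only on the first call in a request - confirm
	// nothing it sets locally is needed when the plugin is used more than once on a page.
	include_once('fgal_listing_conf.php');

	// Force some gallery display parameters
	$gal_info['show_checked'] = 'n';

	// Get list of files in the gallery
	if (! empty($galleryId)) {
		$files = $filegallib->get_files(0, -1, $params['sort_mode'], '', $galleryId);
	} else {
		$files = ['data' => [], 'cant' => 0];
	}

	// Readjust perms using special wiki attachments perms
	// NOTE(review): these flags are passed to the template together with the file list; nothing in
	// this function enforces them on the download or edit requests themselves - confirm those
	// handlers check permissions on their own.
	global $tiki_p_wiki_admin_attachments, $tiki_p_wiki_view_attachments;

	foreach ($files[ 'data' ] as &$file) {
		// First disable file galleries "assign perms" & "admin" perms that allows too much actions on the list of files or that are related to subgalleries
		//   (attachments display should be simple)
		$file['perms'][ 'tiki_p_admin_file_galleries' ] = 'n';
		$file['perms'][ 'tiki_p_assign_perm_file_gallery' ] = 'n';

		// Disabling permissions below should not be necessary because subgalleries in attachments galleries should not happen...
		// $p[ 'tiki_p_upload_files' ] = 'n';
		// $p[ 'tiki_p_create_file_galleries' ] = 'n';

		$file['perms'][ 'tiki_p_download_files' ] = ( $tiki_p_wiki_admin_attachments == 'y' || $tiki_p_wiki_view_attachments == 'y' ) ? 'y' : 'n';
		$file['perms'][ 'tiki_p_edit_gallery_file' ] = $tiki_p_wiki_admin_attachments;
	}
	// Break the reference left by the by-reference loop so the last element of the list is no
	// longer aliased by $file when the array is copied into $params.
	unset($file);

	$params['gal_info'] = $gal_info;
	$params['files'] = $files['data'];
	$params['cant'] = $files['cant'];

	$return = "\n" . $smarty->plugin_fetch('fgal_attachments.tpl', $params) . "\n";

	// Undo the request overriders installed above before handing the output back.
	$smarty->remove_request_overriders($url_override_prefix, $url_overrided_arguments);
	return $return;
}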