1<?php 2/** 3 * @package tikiwiki 4 */ 5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project 6// 7// All Rights Reserved. See copyright.txt for details and a complete list of authors. 8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. 9// $Id$ 10 11$inputConfiguration = [ 12 [ 13 'staticKeyFiltersForArrays' => ['channels' => 'rawhtml_unsafe',], 14 ] 15]; 16 17require_once 'tiki-setup.php'; 18 19// This file will handle a second mode of authentication, don't limit it to permissions. 20// Only channels registered through the admin panel can be executed. 21// Each channel execution validates access rights. 22 23if (! isset($_REQUEST['channels']) || ! is_array($_REQUEST['channels'])) { 24 $access->display_error('tiki-channel.php', tra('Invalid request. Expecting channels array.')); 25} 26 27$calls = []; 28$channels = []; 29 30foreach ($_REQUEST['channels'] as $info) { 31 if (! isset($info['channel_name'])) { 32 $access->display_error('tiki-channel.php', tra('Missing channel name.')); 33 } 34 35 $channel = $info['channel_name']; 36 $channels[] = $channel; 37 unset($info['channel_name']); 38 $calls[] = [ $channel, $info ]; 39} 40 41$config = Tiki_Profile_ChannelList::fromConfiguration($prefs['profile_channels']); 42 43$channels = array_unique($channels); 44$groups = $tikilib->get_user_groups($user); 45 46if (! $user && ! $config->canExecuteChannels($channels, $groups)) { 47 // User not defined and some groups missing, likely to be a machine 48 if (! $access->http_auth()) { 49 $access->display_error('tiki-channel.php', tra('Authentication required.')); 50 } 51 52 // Get the new ones 53 $groups = $tikilib->get_user_groups($user); 54} 55 56if (! $config->canExecuteChannels($channels, $groups)) { 57 $access->display_error( 58 'tiki-channel.php', 59 tra('One of the requested channels cannot be requested. It does not exist or permission is denied.') 60 ); 61} 62 63$profiles = $config->getProfiles($channels); 64 65if (count($profiles) != count($channels)) { 66 $access->display_error('tiki-channel.php', tra('One of the install profiles could not be obtained.')); 67} 68 69Tiki_Profile::useUnicityPrefix(uniqid()); 70$installer = new Tiki_Profile_Installer; 71$installer->limitGlobalPreferences([]); 72 73foreach ($calls as $call) { 74 list($channel, $userInput) = $call; 75 76 // Profile can be installed multiple times 77 // Only last values preserved 78 $profile = $profiles[$channel]; 79 $installer->forget($profile); 80 81 $installer->setUserData($userInput); 82 $installer->install($profile); 83} 84 85if (isset($_REQUEST['return_uri'])) { 86 header("Location: {$_REQUEST['return_uri']}"); 87} 88