Fix auth for the feeds of the wiki

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1540 839d8a87-29fc-0310-9880-83ba4fa771e5

diff --git a/include/platal.inc.php b/include/platal.inc.php
index 046807a..b7142d4 100644 (file)
--- a/include/platal.inc.php
+++ b/include/platal.inc.php
@@ -79,6 +79,11 @@ function pl_error_handler($errno, $errstr, $errfile, $errline)
         "</div>";
 }
 
+function pl_clear_errors()
+{
+    unset($GLOBALS['pl_errors']);
+}
+
 function pl_dump_env()
 {
     echo "<div class='phperror'><pre>";

diff --git a/include/wiki.inc.php b/include/wiki.inc.php
index 110ad3f..c0a8945 100644 (file)
--- a/include/wiki.inc.php
+++ b/include/wiki.inc.php
@@ -114,6 +114,31 @@ function wiki_may_have_perms($perm) {
     }
 }
 
+function wiki_apply_feed_perms($perm)
+{
+    if ($perm == 'public') {
+        return;
+    }
+
+    require_once 'rss.inc.php';
+    $uid = init_rss(null, Env::v('user'), Env::v('hash'));
+    if (!$uid) {
+        exit;
+    }
+    $res = XDB::query('SELECT user_id, IF (nom_usage <> \'\', nom_usage, nom) AS nom, prenom, perms
+                         FROM auth_user_md5
+                        WHERE user_id = {?}', $uid);
+    if (!$res->numRows()) {
+        exit;
+    }
+    $table = $res->fetchOneAssoc();
+    $_SESSION = array_merge($_SESSION, $table, array('forlife' => Env::v('user')));
+    if ($perm == 'logged' || S::has_perms()) {
+        return;
+    }
+    exit;
+}
+
 function wiki_apply_perms($perm) {
     global $page, $platal, $globals;
 

diff --git a/include/wiki/engine.php b/include/wiki/engine.php
index 859dd95..aec07bc 100644 (file)
--- a/include/wiki/engine.php
+++ b/include/wiki/engine.php
@@ -33,8 +33,9 @@ $feed  = false;
 // Check user perms
 switch (Env::v('action')) {
   case 'rss': case 'atom': case 'sdf': case 'dc':
+    wiki_apply_feed_perms($perms['0']);  
     $feed = true;
-  case '': case 'search': case 'rss': case 'atom': 
+  case '': case 'search': 
     break;
 
   case 'edit':
@@ -106,14 +107,15 @@ if ($feed) {
     }
 }
 
-// Check user perms
-wiki_apply_perms($perms[0]);
-
 if ($feed) {
     echo $wikiAll;
+    pl_clear_errors();
     exit;
 }
 
+// Check user perms
+wiki_apply_perms($perms[0]);
+
 $page->assign('perms', $perms);
 $page->assign('perms_opts', wiki_perms_options());
 
@@ -130,7 +132,11 @@ if (!$feed && $perms[1] == 'admin' && !Env::v('action') && $wiki_exists) {
 $page->addCssLink('wiki.css');
 $page->addJsLink('wiki.js');
 if (!Env::v('action')) {
-    $page->setRssLink($n, '/' . str_replace('.', '/', $n) . '?action=rss');
+    $url = '/' . str_replace('.', '/', $n) . '?action=rss';
+    if (S::logged()) {
+        $url .= '&user=' . S::v('forlife') . '&hash=' . S::v('core_rss_hash');
+    } 
+    $page->setRssLink($n, $url);
 }
 
 $page->run();

diff --git a/include/wiki/farmconfig.php b/include/wiki/farmconfig.php
index 07977fe..51650ee 100644 (file)
--- a/include/wiki/farmconfig.php
+++ b/include/wiki/farmconfig.php
@@ -21,11 +21,12 @@ $Skin             = 'empty';
 include_once($FarmD.'/scripts/xlpage-utf-8.php');
 
 if ($action == 'rss'  || $action == 'atom' || $action == 'rdf'  || $action == 'dc') {
-    include_once("$FarmD/scripts/feeds.php");
     $FmtPV['$MarkupExcerpt'] = '$page["text"]';
     $FeedFmt[$action]['item']['title'] = '[$Group] {$Title}';
     $FeedFmt[$action]['item']['description'] = '$LastModifiedSummary';
     $FeedFmt[$action]['feed']['title'] = 'Polytechnique.org :: Wiki :: $FullName';
+    $pagelist = null;
+    include_once("$FarmD/scripts/feeds.php");
 }
 
 // Theme-ing {{{