Changeset 565

Timestamp:

09/13/06 15:50:09 (13 years ago)

Author:

gogo

Message:

Improvements to passing configuration to (php currently) Plugin backends.

This was prompted by #844, and numerous people having trouble with configuring ImageManager?.

A file has been added contrib/php-xinha.php (perhaps should be moved somewhere better),
this file contains functions which make it much easier to trustworthily pass data to
backends from the javascript frontend.

An example is easiest, imagine the following in your xinha setup, step 3...

with (xinha_config.ImageManager?)
{

<?php

require_once('/path/to/xinha/contrib/php-xinha.php');
xinha_pass_to_php_backend
(

array
(

'images_dir' => '/home/your/directory',
'images_url' => '/directory'

)

)

?>

}

that's all you need. It will (should at least) work with non-default session names also.

Location:

trunk

Files:

• contrib/php-xinha.php (added)
• htmlarea.js (modified) (1 diff)
• plugins/ImageManager/config.inc.php (modified) (1 diff)
• plugins/ImageManager/image-manager.js (modified) (2 diffs)
• plugins/Linker/linker.js (modified) (2 diffs)
• plugins/Linker/scan.php (modified) (4 diffs)

trunk/htmlarea.js

@@ -6157 +6157 @@
     content = data;
   }
-  else
+  else if(data != null)
   {
     for ( var i in data )

trunk/plugins/ImageManager/config.inc.php

@@ -281 +281 @@
 
 
-
-
-
-// If config specified from front end, merge it
-if(isset($_REQUEST['backend_config']))
+// Standard PHP Backend Data Passing
+//  if data was passed using xinha_pass_to_php_backend() we merge the items
+//  provided into the Config
+require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
+if($passed_data = xinha_read_passed_data())
+{
+  $IMConfig = array_merge($IMConfig, $passed_data);
+  $IMConfig['backend_url'] .= xinha_passed_data_querystring() . '&';
+}
+// Deprecated config passing, don't use this way any more!
+elseif(isset($_REQUEST['backend_config']))
 {
   if(get_magic_quotes_gpc()) {

trunk/plugins/ImageManager/image-manager.js

@@ -34 +34 @@
 };
 
-// default Xinha layout. plugins are beneath the Xinha directory.
-// Note the trailing &. Makes forming our URL's easier. 
+
+// CONFIGURATION README:
 //
-// To change the backend, just set this config variable in the calling page.
-// The images_url config option is used to strip out the directory info when
-// images are selected from the document.
+//  It's useful to pass the configuration to the backend through javascript
+//  (this saves editing the backend config itself), this needs to be done
+//  in a trusted/secure manner... here is how to do it..
+//
+//  1. You need to be able to put PHP in your xinha_config setup
+//  2. In step 3 write something like
+//  --------------------------------------------------------------
+//  with (xinha_config.ImageManager)
+//  { 
+//    <?php 
+//      require_once('/path/to/xinha/contrib/php-xinha.php');
+//      xinha_pass_to_php_backend
+//      (       
+//        array
+//        (
+//         'images_dir' => '/home/your/directory',
+//         'images_url' => '/directory'
+//        )
+//      )
+//    ?>
+//  }
+//  --------------------------------------------------------------
+//
+//  this will work provided you are using normal file-based PHP sessions
+//  (most likely), if not, you may need to modify the php-xinha.php
+//  file to suit your setup.
 
 HTMLArea.Config.prototype.ImageManager =
 {
   'backend'    : _editor_url + 'plugins/ImageManager/backend.php?__plugin=ImageManager&',
-
-  //  It's useful to pass the configuration to the backend through javascript
-  //  (this saves editing the backend config itself), but the problem is
-  //  how do you make it so that the enduser can not sneakily send thier own
-  //  config to the server (including directory locations etc!).
-  //
-  //  Well, we specify 3 config variables (if the first is given all 3 are required)
-  //  first in backend_config we provide the backend configuration (in the format
-  //  required by the backend, in the case of PHP this is a serialized structure).  We do not
-  //  need to provide a complete configuration here, it will be merged with defaults.
-  //
-  //  Then in backend_config_secret_key_location we store the name of a key in a
-  //  session structure which stores a secret key (anything random), for example
-  //  when making the Xinha editor in PHP we might do
-  //  <?php $_SESSION['Xinha:ImageManager'] = uniqid('secret_'); ?>
-  //  xinha_config.ImageManager.backend_config_secret_key_location = 'Xinha:ImageManager';
-  //
-  //  Then finally in backend_config_hash we store an SHA1 hash of the config combined
-  //  with the secret.
-  //
-  //  A full example in PHP might look like
-  //
-  //  <?php
-  //   $myConfig = array('base_dir' = '/home/your/directory', 'base_url' => '/directory')
-  //   $myConfig = serialize($myConfig);
-  //   if(!isset($_SESSION['Xinha:ImageManager'])) $_SESSION['Xinha:ImageManager'] = uniqid('secret_');
-  //   $secret = $_SESSION['Xinha:ImageManager'];
-  //  ?>
-  //  xinha_config.ImageManager.backend_config      = '<?php echo jsaddslashes($myConfig)?>';
-  //  xinha_config.ImageManager.backend_config_hash = '<?php echo sha1($myConfig . $secret)?>';
-  //  xinha_config.ImageManager.backend_config_secret_key_location = 'Xinha:ImageManager';
-  //
-  // (for jsspecialchars() see http://nz.php.net/manual/en/function.addcslashes.php)
-  //
-  //
+  'backend_data' : null,
+  
+  // Deprecated method for passing config, use above instead!
+  //---------------------------------------------------------
   'backend_config'     : null,
   'backend_config_hash': null,
   'backend_config_secret_key_location': 'Xinha:ImageManager'
+  //---------------------------------------------------------
 };
 
@@ -159 +152 @@
       + encodeURIComponent(editor.config.ImageManager.backend_config_secret_key_location);
   }
-
+  
+  if(editor.config.ImageManager.backend_data != null)
+  {
+    for ( var i in editor.config.ImageManager.backend_data )
+    {
+      manager += '&' + i + '=' + encodeURIComponent(editor.config.ImageManager.backend_data[i]);
+    }
+  }
+  
         Dialog(manager, function(param) {
                 if (!param) {   // user must have pressed Cancel

trunk/plugins/Linker/linker.js

@@ -17 +17 @@
 {
   'backend' : _editor_url + 'plugins/Linker/scan.php',
+  'backend_data' : null,
   'files' : null
 };
@@ -327 +328 @@
     {
         //get files from backend
-        HTMLArea._getback(linker.lConfig.backend,
+        HTMLArea._postback(linker.lConfig.backend,
+                          linker.lConfig.backend_data,
                           function(txt) {
                             try {

trunk/plugins/Linker/scan.php

@@ -1 +1 @@
 <?php
-
     // /home/username/foo/public_html/
-    $dir = dirname(__FILE__)."/../..";
+    $dir          = dirname(__FILE__)."/../..";
     $include      = '/\.(php|shtml|html|htm|shtm|cgi|txt|doc|pdf|rtf|xls|csv)$/';
     $exclude      = '';
@@ -8 +7 @@
     $direxclude   = '/(^|\/)[._]|htmlarea/'; // Exclude the htmlarea tree by default
 
+    // New backend config data passing
+    //  if data was passed using xinha_pass_to_backend() we extract and use it
+    //  as the items above    
+    require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
+    if($passed_data = xinha_read_passed_data())
+    {
+      extract($passed_data);      
+    }
+
+    // Old deprecated backend config data passing
+    //  not described because you shouldn't use it.
+    //------------------------------------------------------------------------    
     $hash = '';
     foreach(explode(',', 'dir,include,exclude,dirinclude,direxclude') as $k)
@@ -33 +44 @@
       }
     }
+    //------------------------------------------------------------------------
+
 
     function scan($dir, $durl = '')
@@ -89 +102 @@
       return strcmp(strtolower($a), strtolower($b));
     }
-
-    function to_js($var, $tabs = 0)
-    {
-      if(is_numeric($var))
-      {
-        return $var;
-      }
-
-      if(is_string($var))
-      {
-        return "'" . js_encode($var) . "'";
-      }
-
-      if(is_array($var))
-      {
-        $useObject = false;
-        foreach(array_keys($var) as $k) {
-            if(!is_numeric($k)) $useObject = true;
-        }
-        $js = array();
-        foreach($var as $k => $v)
-        {
-          $i = "";
-          if($useObject) {
-            if(preg_match('#[a-zA-Z]+[a-zA-Z0-9]*#', $k)) {
-              $i .= "$k: ";
-            } else {
-              $i .= "'$k': ";
-            }
-          }
-          $i .= to_js($v, $tabs + 1);
-          $js[] = $i;
-        }
-        if($useObject) {
-            $ret = "{\n" . tabify(implode(",\n", $js), $tabs) . "\n}";
-        } else {
-            $ret = "[\n" . tabify(implode(",\n", $js), $tabs) . "\n]";
-        }
-        return $ret;
-      }
-
-      return 'null';
-    }
-
-    function tabify($text, $tabs)
-    {
-      if($text)
-      {
-        return str_repeat("  ", $tabs) . preg_replace('/\n(.)/', "\n" . str_repeat("  ", $tabs) . "\$1", $text);
-      }
-    }
-
-    function js_encode($string)
-    {
-      static $strings = "\\,\",',%,&,<,>,{,},@,\n,\r";
-
-      if(!is_array($strings))
-      {
-        $tr = array();
-        foreach(explode(',', $strings) as $chr)
-        {
-          $tr[$chr] = sprintf('\x%02X', ord($chr));
-        }
-        $strings = $tr;
-      }
-
-      return strtr($string, $strings);
-    }
-
-
-    echo to_js(scan($dir));
+   
+    echo xinha_to_js(scan($dir));
 ?>