Changeset 565


Timestamp:
09/13/06 15:50:09 (13 years ago)
Author:
gogo
Message:

Improvements to passing configuration to (php currently) Plugin backends.

This was prompted by #844, and numerous people having trouble with configuring ImageManager.

A file has been added contrib/php-xinha.php (perhaps should be moved somewhere better),
this file contains functions which make it much easier to trustworthily pass data to
backends from the javascript frontend.

An example is easiest, imagine the following in your xinha setup, step 3...

with (xinha_config.ImageManager)
{

<?php

require_once('/path/to/xinha/contrib/php-xinha.php');
xinha_pass_to_php_backend
(

array
(

'images_dir' => '/home/your/directory',
'images_url' => '/directory'

)

)

?>

}

that's all you need. It will (should at least) work with non-default session names also.

Location:
trunk
Files:
1 added
5 edited

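--- a/trunk/htmlarea.js
+++ b/trunk/htmlarea.js
@@ -6157,5 +6157,5 @@
     content = data;
   }
-  else
+  else if(data != null)
   {
     for ( var i in data )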
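--- a/trunk/plugins/ImageManager/config.inc.php
+++ b/trunk/plugins/ImageManager/config.inc.php
@@ -281,9 +281,15 @@
 
 
-
-
-
-// If config specified from front end, merge it
-if(isset($_REQUEST['backend_config']))
+// Standard PHP Backend Data Passing
+//  if data was passed using xinha_pass_to_php_backend() we merge the items
+//  provided into the Config
+require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
+if($passed_data = xinha_read_passed_data())
+{
+  $IMConfig = array_merge($IMConfig, $passed_data);
+  $IMConfig['backend_url'] .= xinha_passed_data_querystring() . '&';
+}
+// Deprecated config passing, don't use this way any more!
+elseif(isset($_REQUEST['backend_config']))
 {
   if(get_magic_quotes_gpc()) {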
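Review bot: The `elseif(isset($_REQUEST['backend_config']))` branch keeps the deprecated, request-supplied config path reachable for every request that arrives without the new passed data, so the "don't use this way any more" comment does not narrow what the backend accepts. The comments removed from image-manager.js in this changeset describe that format as a serialized PHP structure checked with a SHA1 hash over a `uniqid()`-derived session secret, which is presumably what the rest of this branch (outside the hunk) still processes. I would gate it behind a server-side opt-in that defaults to off, for example `elseif(!empty($IMConfig['allow_legacy_backend_config']) && isset($_REQUEST['backend_config']))`, where the key name is a suggested placeholder and not an existing option. The comment should then say that the legacy path is disabled unless that option is set.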
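--- a/trunk/plugins/ImageManager/image-manager.js
+++ b/trunk/plugins/ImageManager/image-manager.js
@@ -34,52 +34,45 @@
 };
 
-// default Xinha layout. plugins are beneath the Xinha directory.
-// Note the trailing &. Makes forming our URL's easier.
+
+// CONFIGURATION README:
 //
-// To change the backend, just set this config variable in the calling page.
-// The images_url config option is used to strip out the directory info when
-// images are selected from the document.
+//  It's useful to pass the configuration to the backend through javascript
+//  (this saves editing the backend config itself), this needs to be done
+//  in a trusted/secure manner... here is how to do it..
+//
+//  1. You need to be able to put PHP in your xinha_config setup
+//  2. In step 3 write something like
+//  --------------------------------------------------------------
+//  with (xinha_config.ImageManager)
+//  {
+//    <?php
+//      require_once('/path/to/xinha/contrib/php-xinha.php');
+//      xinha_pass_to_php_backend
+//      (
+//        array
+//        (
+//         'images_dir' => '/home/your/directory',
+//         'images_url' => '/directory'
+//        )
+//      )
+//    ?>
+//  }
+//  --------------------------------------------------------------
+//
+//  this will work provided you are using normal file-based PHP sessions
+//  (most likely), if not, you may need to modify the php-xinha.php
+//  file to suit your setup.
 
 HTMLArea.Config.prototype.ImageManager =
 {
   'backend'    : _editor_url + 'plugins/ImageManager/backend.php?__plugin=ImageManager&',
-
-  //  It's useful to pass the configuration to the backend through javascript
-  //  (this saves editing the backend config itself), but the problem is
-  //  how do you make it so that the enduser can not sneakily send thier own
-  //  config to the server (including directory locations etc!).
-  //
-  //  Well, we specify 3 config variables (if the first is given all 3 are required)
-  //  first in backend_config we provide the backend configuration (in the format
-  //  required by the backend, in the case of PHP this is a serialized structure).  We do not
-  //  need to provide a complete configuration here, it will be merged with defaults.
-  //
-  //  Then in backend_config_secret_key_location we store the name of a key in a
-  //  session structure which stores a secret key (anything random), for example
-  //  when making the Xinha editor in PHP we might do
-  //  <?php $_SESSION['Xinha:ImageManager'] = uniqid('secret_'); ?>
-  //  xinha_config.ImageManager.backend_config_secret_key_location = 'Xinha:ImageManager';
-  //
-  //  Then finally in backend_config_hash we store an SHA1 hash of the config combined
-  //  with the secret.
-  //
-  //  A full example in PHP might look like
-  //
-  //  <?php
-  //   $myConfig = array('base_dir' = '/home/your/directory', 'base_url' => '/directory')
-  //   $myConfig = serialize($myConfig);
-  //   if(!isset($_SESSION['Xinha:ImageManager'])) $_SESSION['Xinha:ImageManager'] = uniqid('secret_');
-  //   $secret = $_SESSION['Xinha:ImageManager'];
-  //  ?>
-  //  xinha_config.ImageManager.backend_config      = '<?php echo jsaddslashes($myConfig)?>';
-  //  xinha_config.ImageManager.backend_config_hash = '<?php echo sha1($myConfig . $secret)?>';
-  //  xinha_config.ImageManager.backend_config_secret_key_location = 'Xinha:ImageManager';
-  //
-  // (for jsspecialchars() see http://nz.php.net/manual/en/function.addcslashes.php)
-  //
-  //
+  'backend_data' : null,
+
+  // Deprecated method for passing config, use above instead!
+  //---------------------------------------------------------
   'backend_config'     : null,
   'backend_config_hash': null,
   'backend_config_secret_key_location': 'Xinha:ImageManager'
+  //---------------------------------------------------------
 };
 
@@ -159,5 +152,13 @@
       + encodeURIComponent(editor.config.ImageManager.backend_config_secret_key_location);
   }
-
+
+  if(editor.config.ImageManager.backend_data != null)
+  {
+    for ( var i in editor.config.ImageManager.backend_data )
+    {
+      manager += '&' + i + '=' + encodeURIComponent(editor.config.ImageManager.backend_data[i]);
+    }
+  }
+
         Dialog(manager, function(param) {
                 if (!param) {   // user must have pressed Cancel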
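Review bot: In the added `backend_data` loop of the second hunk, the parameter name `i` goes into the URL unencoded and only the value passes through `encodeURIComponent`. The `for ... in` also has no own-property check, so an enumerable property that another script added to `Object.prototype` would be sent to the backend as an extra query parameter. A key containing `&` or `=` would likewise split into parameters the page author never intended. I would add `if (!Object.prototype.hasOwnProperty.call(editor.config.ImageManager.backend_data, i)) continue;` as the first statement of the loop and change the append to `manager += '&' + encodeURIComponent(i) + '=' + encodeURIComponent(editor.config.ImageManager.backend_data[i]);`. The enclosing function starts and ends outside the hunk.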
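--- a/trunk/plugins/Linker/linker.js
+++ b/trunk/plugins/Linker/linker.js
@@ -17,4 +17,5 @@
 {
   'backend' : _editor_url + 'plugins/Linker/scan.php',
+  'backend_data' : null,
   'files' : null
 };
@@ -327,5 +328,6 @@
     {
         //get files from backend
-        HTMLArea._getback(linker.lConfig.backend,
+        HTMLArea._postback(linker.lConfig.backend,
+                          linker.lConfig.backend_data,
                           function(txt) {
                             try {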
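--- a/trunk/plugins/Linker/scan.php
+++ b/trunk/plugins/Linker/scan.php
@@ -1,6 +1,5 @@
 <?php
-
     // /home/username/foo/public_html/
-    $dir = dirname(__FILE__)."/../..";
+    $dir          = dirname(__FILE__)."/../..";
     $include      = '/\.(php|shtml|html|htm|shtm|cgi|txt|doc|pdf|rtf|xls|csv)$/';
     $exclude      = '';
@@ -8,4 +7,16 @@
     $direxclude   = '/(^|\/)[._]|htmlarea/'; // Exclude the htmlarea tree by default
 
+    // New backend config data passing
+    //  if data was passed using xinha_pass_to_backend() we extract and use it
+    //  as the items above
+    require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
+    if($passed_data = xinha_read_passed_data())
+    {
+      extract($passed_data);
+    }
+
+    // Old deprecated backend config data passing
+    //  not described because you shouldn't use it.
+    //------------------------------------------------------------------------
     $hash = '';
     foreach(explode(',', 'dir,include,exclude,dirinclude,direxclude') as $k)
@@ -33,4 +44,6 @@
       }
     }
+    //------------------------------------------------------------------------
+
 
     function scan($dir, $durl = '')
@@ -89,74 +102,5 @@
       return strcmp(strtolower($a), strtolower($b));
     }
-
-    function to_js($var, $tabs = 0)
-    {
-      if(is_numeric($var))
-      {
-        return $var;
-      }
-
-      if(is_string($var))
-      {
-        return "'" . js_encode($var) . "'";
-      }
-
-      if(is_array($var))
-      {
-        $useObject = false;
-        foreach(array_keys($var) as $k) {
-            if(!is_numeric($k)) $useObject = true;
-        }
-        $js = array();
-        foreach($var as $k => $v)
-        {
-          $i = "";
-          if($useObject) {
-            if(preg_match('#[a-zA-Z]+[a-zA-Z0-9]*#', $k)) {
-              $i .= "$k: ";
-            } else {
-              $i .= "'$k': ";
-            }
-          }
-          $i .= to_js($v, $tabs + 1);
-          $js[] = $i;
-        }
-        if($useObject) {
-            $ret = "{\n" . tabify(implode(",\n", $js), $tabs) . "\n}";
-        } else {
-            $ret = "[\n" . tabify(implode(",\n", $js), $tabs) . "\n]";
-        }
-        return $ret;
-      }
-
-      return 'null';
-    }
-
-    function tabify($text, $tabs)
-    {
-      if($text)
-      {
-        return str_repeat("  ", $tabs) . preg_replace('/\n(.)/', "\n" . str_repeat("  ", $tabs) . "\$1", $text);
-      }
-    }
-
-    function js_encode($string)
-    {
-      static $strings = "\\,\",',%,&,<,>,{,},@,\n,\r";
-
-      if(!is_array($strings))
-      {
-        $tr = array();
-        foreach(explode(',', $strings) as $chr)
-        {
-          $tr[$chr] = sprintf('\x%02X', ord($chr));
-        }
-        $strings = $tr;
-      }
-
-      return strtr($string, $strings);
-    }
-
-
-    echo to_js(scan($dir));
+
+    echo xinha_to_js(scan($dir));
 ?>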
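Review bot: `extract($passed_data);` in the second hunk imports every key of the passed array into the script's variable scope, so any key beyond the ones this script expects would silently overwrite an unrelated variable before `scan($dir)` runs. The deprecated loop just below already names the expected set (`dir,include,exclude,dirinclude,direxclude`), and the new path could apply the same allow-list: `extract(array_intersect_key($passed_data, array_flip(array('dir','include','exclude','dirinclude','direxclude'))));`. How far `$passed_data` can be trusted depends on `xinha_read_passed_data()` in contrib/php-xinha.php, which this view does not show. The allow-list keeps scan.php's directory and pattern settings bounded even if that helper's guarantees change.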