diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index ad99e55169c57e5967c36b899b87537c4b5c3b63..dbba11efc683d9a58dc05d256dd5651bc005d224 100644 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -53,14 +53,13 @@ $conf['mailguard'] = 'hex'; //obfuscate email addresses against sp /* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */ $conf['useacl'] = 0; //Use Access Control Lists to restrict access? -$conf['openregister']= 1; //Should users to be allowed to register? $conf['autopasswd'] = 1; //autogenerate passwords and email them to user -$conf['resendpasswd']= 0; //allow resend password function? $conf['authtype'] = 'plain'; //which authentication backend should be used $conf['passcrypt'] = 'smd5'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411) $conf['defaultgroup']= 'user'; //Default groups new Users are added to $conf['superuser'] = '!!not set!!'; //The admin can be user or @group $conf['profileconfirm'] = '1'; //Require current password to confirm changes to user profile +$conf['disableactions'] = 'resendpwd'; //comma separated list of actions to disable /* Advanced Options */ $conf['userewrite'] = 0; //this makes nice URLs: 0: off 1: .htaccess 2: internal diff --git a/inc/actions.php b/inc/actions.php index 194beaad373e12ab2d5f9907a52ba4955e1797ac..51fb0a84a24f4ebdba2f1724e12cf2ec18dde7fe 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -155,6 +155,12 @@ function act_clean($act){ if($act == 'export_html') $act = 'export_xhtml'; if($act == 'export_htmlbody') $act = 'export_xhtmlbody'; + // check if action is disabled + if(!actionOK($act)){ + msg('Command disabled: '.htmlspecialchars($act),-1); + return 'show'; + } + //disable all acl related commands if ACL is disabled if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin', 'subscribe','unsubscribe','profile', 
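Review bot: The new `actionOK($act)` test in act_clean runs after the `export_html` / `export_htmlbody` aliases have been rewritten, so a `disableactions` entry that uses one of the legacy names never matches and the export stays enabled. Either say so in the comment, e.g. `// check if action is disabled (aliases were mapped above: list export_xhtml, not export_html)`, or also test the requested name before the rewrite. The message text is hard-coded English rather than taken from `$lang`, unlike the other user-facing strings touched by this commit. act_clean starts before and continues past the hunk, so any earlier normalisation of `$act` is not visible here.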
@@ -198,17 +204,9 @@ function act_permcheck($act){ }elseif(in_array($act,array('login','search','recent','profile'))){ $permneed = AUTH_NONE; }elseif($act == 'register'){ - if ($conf['openregister']){ - $permneed = AUTH_NONE; - }else{ - $permneed = AUTH_ADMIN; - } + $permneed = AUTH_NONE; }elseif($act == 'resendpwd'){ - if ($conf['resendpasswd']) { - $permneed = AUTH_NONE; - }else{ - $permneed = AUTH_ADMIN+1; // shouldn't get here if $conf['resendpasswd'] is off - } + $permneed = AUTH_NONE; }elseif($act == 'admin'){ $permneed = AUTH_ADMIN; }else{ diff --git a/inc/auth.php b/inc/auth.php index 72c87552d86cf63ef0c6e83edfc62248faf20d76..345a2ba67176db63063ee381a7cf5d8eb330e614 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -581,7 +581,7 @@ function act_resendpwd(){ global $auth; if(!$_POST['save']) return false; - if(!$conf['resendpasswd']) return false; + if(!actionOK('resendpwd')) return false; // should not be able to get here without modPass being possible... if(!$auth->canDo('modPass')) { diff --git a/inc/confutils.php b/inc/confutils.php index b800f5f53ce8b5294609bc3115811012504aec75..c668e8066b00dfee1b67b8008173c0be1a08a7ea 100644 --- a/inc/confutils.php +++ b/inc/confutils.php 
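Review bot: With both branches of act_permcheck now returning `AUTH_NONE` for `register` and `resendpwd`, the only thing keeping a disabled action away from its handler is the `actionOK()` test in act_clean. act_resendpwd gets its own `if(!actionOK('resendpwd')) return false;` in inc/auth.php, but no matching guard for the registration handler appears in this commit; adding `if(!actionOK('register')) return false;` at the top of that handler would keep the two symmetric and would still hold if a caller reaches it without passing through act_clean. A closed wiki previously left `register` reachable at `AUTH_ADMIN`, whereas disabling the action now removes it for administrators too, which is a behaviour change worth stating in the commit message. act_permcheck starts and ends outside the hunk.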
@@ -163,5 +163,27 @@ function confToHash($file,$lower=false) { return $conf; } +/** + * check if the given action was disabled in config + * + * @author Andreas Gohr <andi@splitbrain.org> + * @returns boolean true if enabled, false if disabled + */ +function actionOK($action){ + static $disabled = null; + if(is_null($disabled)){ + global $conf; + + // prepare disabled actions array and handle legacy options + $disabled = explode(',',$conf['disableactions']); + $disabled = array_map('trim',$disabled); + if(isset($conf['openregister']) && !$conf['openregister']) $disabled[] = 'register'; + if(isset($conf['resendpasswd']) && !$conf['resendpasswd']) $disabled[] = 'resendpwd'; + $disabled = array_unique($disabled); + } + + return !in_array($action,$disabled); +} + //Setup VIM: ex: et ts=2 enc=utf-8 : diff --git a/inc/html.php b/inc/html.php index 9bd926c03ae7d4cc13bd8107fc8c19be68843008..2a02b8c34f4026797d8b2abdcd0e598877428525 100644 --- a/inc/html.php +++ b/inc/html.php @@ -75,14 +75,14 @@ function html_login(){ </fieldset> </form> <?php - if($auth->canDo('addUser') && $conf['openregister']){ + if($auth->canDo('addUser') && actionOK('register')){ print '<p>'; print $lang['reghere']; print ': <a href="'.wl($ID,'do=register').'" class="wikilink1">'.$lang['register'].'</a>'; print '</p>'; } - if ($auth->canDo('modPass') && $conf['resendpasswd']) { + if ($auth->canDo('modPass') && actionOK('resendpwd')) { print '<p>'; print $lang['pwdforget']; print ': <a href="'.wl($ID,'do=resendpwd').'" class="wikilink1">'.$lang['btn_resendpwd'].'</a>'; 
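Review bot: actionOK() fails open when a `disableactions` entry differs from the action name only in case, because the list is trimmed but otherwise compared exactly as written; for a switch that turns off registration or password resend, a silent non-match is the wrong failure direction. Lower-casing the entries while the list is built, `$disabled = array_map('strtolower',array_map('trim',$disabled));`, closes that, assuming action names reach this function already lower-cased (act_clean's normalisation is outside this diff, so confirm). The docblock should use `@return` instead of `@returns`, gain a `@param string $action` line, and mention that the list is cached in a static, so configuration changed after the first call in a request is not picked up.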
@@ -99,37 +99,6 @@ function html_login(){ */ } -/** - * shows the edit/source/show/draft button dependent on current mode - * - * @author Andreas Gohr <andi@splitbrain.org> - */ -function html_editbutton(){ - global $ID; - global $REV; - global $ACT; - global $INFO; - - if($ACT == 'show' || $ACT == 'search'){ - if($INFO['writable']){ - if($INFO['draft']){ - $r = html_btn('draft',$ID,'e',array('do' => 'draft'),'post'); - }else{ - if($INFO['exists']){ - $r = html_btn('edit',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); - }else{ - $r = html_btn('create',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); - } - } - }else{ - $r = html_btn('source',$ID,'v',array('do' => 'edit','rev' => $REV),'post'); - } - }else{ - $r = html_btn('show',$ID,'v',array('do' => 'show')); - } - return $r; -} - /** * prints a section editing button * used as a callback in html_secedit @@ -1046,6 +1015,11 @@ function html_edit($text=null,$include='edit'){ //FIXME: include needed? if ($REV) print p_locale_xhtml('editrev'); print p_locale_xhtml($include); }else{ + // check pseudo action 'source' + if(!actionOK('source')){ + msg('Command disabled: source',-1); + return; + } print p_locale_xhtml('read'); $ro='readonly="readonly"'; } @@ -1057,8 +1031,8 @@ function html_edit($text=null,$include='edit'){ //FIXME: include needed? <div class="toolbar"> <div id="draft__status"><?php if($INFO['draft']) echo $lang['draftdate'].' '.date($conf['dformat']);?></div> - <div id="tool__bar"><a href="<?php echo DOKU_BASE?>lib/exe/mediamanager.php?ns=<?php echo $INFO['namespace']?>" - target="_blank"><?php echo $lang['mediaselect'] ?></a></div> + <div id="tool__bar"><?php if(!$ro){?><a href="<?php echo DOKU_BASE?>lib/exe/mediamanager.php?ns=<?php echo $INFO['namespace']?>" + target="_blank"><?php echo $lang['mediaselect'] ?></a><?php }?></div> <?php if($wr){?> <script type="text/javascript" charset="utf-8"> 
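Review bot: The `source` pseudo action is enforced here at render time rather than where the other actions are rejected, so the request has already been dispatched as `edit` when the check runs, and any output html_edit produced earlier (not visible in this hunk) stays on the page before the bare `return;`. If administrators disable `source` to keep raw wikitext from readers, the comment should state the limit of the check: `// check pseudo action 'source' (covers the read-only editor view only; other actions that output raw text must be disabled separately)`. The hard-coded `'Command disabled: source'` repeats the string built in act_clean; a shared `$lang` entry would keep the two in step. html_edit starts and ends outside the hunk.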
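Review bot: The media-manager link is guarded with `if(!$ro)` while the script block two lines below uses `if($wr)` for what looks like the same writable/read-only distinction; writing the new guard as `<?php if($wr){?>` would keep the template consistent. In the lines visible in this diff `$ro` is assigned only in the read-only branch, so unless it is initialised earlier in html_edit (outside the hunk) the new test reads an undefined variable on the writable path.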
@@ -1237,11 +1211,6 @@ function html_admin(){ ptln(' <li><div class="li"><a href="'.wl($ID, 'do=admin&page='.$item['plugin']).'">'.$item['prompt'].'</a></div></li>'); } - // add in non-plugin functions - if (!$conf['openregister']){ - ptln('<li><div class="li"><a href="'.wl($ID,'do=register').'">'.$lang['admin_register'].'</a></div></li>'); - } - ptln('</ul>'); } diff --git a/inc/template.php b/inc/template.php index 277c06d8dfa7aa03008cf1c90ced76673556ec5c..f9e69d3404a81e5053c4e51c5283914bca777892 100644 --- a/inc/template.php +++ b/inc/template.php @@ -296,9 +296,29 @@ function tpl_button($type){ global $conf; global $auth; + if(!actionOK($type)) return; + switch($type){ case 'edit': - print html_editbutton(); + #most complicated type - we need to decide on current action + if($ACT == 'show' || $ACT == 'search'){ + if($INFO['writable']){ + if($INFO['draft']){ + echo html_btn('draft',$ID,'e',array('do' => 'draft'),'post'); + }else{ + if($INFO['exists']){ + echo html_btn('edit',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); + }else{ + echo html_btn('create',$ID,'e',array('do' => 'edit','rev' => $REV),'post'); + } + } + }else{ + if(!actionOK('source')) return false; //pseudo action + echo html_btn('source',$ID,'v',array('do' => 'edit','rev' => $REV),'post'); + } + }else{ + echo html_btn('show',$ID,'v',array('do' => 'show')); + } break; case 'history': print html_btn('revs',$ID,'o',array('do' => 'revisions')); @@ -386,6 +406,8 @@ function tpl_actionlink($type,$pre='',$suf=''){ global $lang; global $auth; + if(!actionOK($type)) return; + switch($type){ case 'edit': #most complicated type - we need to decide on current action @@ -401,6 +423,7 @@ function tpl_actionlink($type,$pre='',$suf=''){ 'class="action create" accesskey="e" rel="nofollow"'); } }else{ + if(!actionOK('source')) return false; //pseudo action tpl_link(wl($ID,'do=edit&rev='.$REV), $pre.$lang['btn_source'].$suf, 'class="action source" accesskey="v" rel="nofollow"');
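Review bot: `actionOK($type)` in tpl_button is called with the button type, which is not always the action name: in the context lines `case 'history'` emits `do=revisions`, and `case 'edit'` can emit `draft`, `edit`, `source` or `show`. Disabling `revisions` therefore leaves the history button visible (the click is then refused in act_clean), and disabling `edit` also removes the `show` button whenever `$ACT` is not `show` or `search`. Checking the action that will actually be emitted, e.g. `case 'history': if(!actionOK('revisions')) return;`, would make the button state match what act_clean enforces; the same `actionOK($type)` guard is added to tpl_actionlink in the next hunk. The function also mixes bare `return;` with `return false;` for the same outcome, and the inlined edit branch duplicates the one in tpl_actionlink, so the `source` check now has to be kept in sync in both. tpl_button starts before and continues past the hunk.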