4. action.php (Actions via URL)
code php
<?php
/**
* Action Plugin for Bash Exec
*/
class action_plugin_bashexec extends DokuWiki_Action_Plugin {
public function register(Doku_Event_Handler $controller) {
$controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handleScriptRequest');
$controller->register_hook('TPL_ACT_RENDER', 'AFTER', $this, 'renderOutput');
}
public function handleScriptRequest(Doku_Event $event, $param) {
if ($event->data !== 'script') {
return;
}
$helper = plugin_load('helper', 'bashexec');
// Vérifier les permissions
if (!$helper->checkPermissions()) {
http_response_code(403);
print json_encode(['error' => 'Accès refusé']);
exit;
}
// Récupérer les paramètres
$script = $this->getInput('script');
$arg1 = $this->getInput('arg1');
$arg2 = $this->getInput('arg2');
// Valider le script
if (!$helper->validateScriptPath(DOKU_PLUGIN . 'bashexec/scripts/' . $script)) {
http_response_code(400);
print json_encode(['error' => 'Script non autorisé']);
exit;
}
// Valider les arguments
$args = array_filter([$arg1, $arg2]);
foreach ($args as $arg) {
if (!$helper->validateArgument($arg)) {
http_response_code(400);
print json_encode(['error' => 'Argument invalide']);
exit;
}
}
// Exécuter
$fullScript = DOKU_PLUGIN . 'bashexec/scripts/' . $script;
$escapedArgs = array_map('escapeshellarg', $args);
$command = escapeshellcmd($fullScript) . ' ' . implode(' ', $escapedArgs);
exec($command, $output, $returnCode);
// Journaliser
global $INPUT;
$helper->logExecution($script, $args, $returnCode, $INPUT->server->str('REMOTE_USER'));
// Répondre
header('Content-Type: application/json');
print json_encode([
'success' => $returnCode === 0,
'output' => $output,
'return_code' => $returnCode
]);
exit;
}
private function getInput($key) {
return isset($_GET[$key]) ? $_GET[$key] : (isset($_POST[$key]) ? $_POST[$key] : '');
}
public function renderOutput(Doku_Event $event, $param) {
// Peut être utilisé pour afficher des résultats après exécution
}
}
