]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/getsource.pm
Add automated test for using the CGI with git, including CVE-2016-10026
[git.ikiwiki.info.git] / IkiWiki / Plugin / getsource.pm
1 #!/usr/bin/perl
2 package IkiWiki::Plugin::getsource;
4 use warnings;
5 use strict;
6 use IkiWiki;
7 use open qw{:utf8 :std};
9 sub import {
10         hook(type => "getsetup", id => "getsource", call => \&getsetup);
11         hook(type => "pagetemplate", id => "getsource", call => \&pagetemplate);
12         hook(type => "cgi", id => "getsource", call => \&cgi_getsource);
13 }
15 sub getsetup () {
16         return
17                 plugin => {
18                         safe => 1,
19                         rebuild => 1,
20                         section => "web",
21                 },
22                 getsource_mimetype => {
23                         type => "string",
24                         example => "text/plain; charset=utf-8",
25                         description => "Mime type for returned source.",
26                         safe => 1,
27                         rebuild => 0,
28                 },
29 }
31 sub pagetemplate (@) {
32         my %params=@_;
34         my $page=$params{page};
35         my $template=$params{template};
37         if (length $config{cgiurl}) {
38                 $template->param(getsourceurl => IkiWiki::cgiurl(do => "getsource", page => $page));
39                 $template->param(have_actions => 1);
40         }
41 }
43 sub cgi_getsource ($) {
44         my $cgi=shift;
46         return unless defined $cgi->param('do') &&
47                       $cgi->param("do") eq "getsource";
49         IkiWiki::decode_cgi_utf8($cgi);
51         my $page=$cgi->param('page');
53         if (! defined $page || $page !~ /$config{wiki_file_regexp}/) {
54                 error("invalid page parameter");
55         }
57         # For %pagesources.
58         IkiWiki::loadindex();
60         if (! exists $pagesources{$page}) {
61                 IkiWiki::cgi_custom_failure(
62                         $cgi,
63                         "404 Not Found",
64                         IkiWiki::cgitemplate($cgi, gettext("missing page"),
65                                 "<p>".
66                                 sprintf(gettext("The page %s does not exist."),
67                                         htmllink("", "", $page)).
68                                 "</p>"));
69                 exit;
70         }
72         if (! defined pagetype($pagesources{$page})) {
73                 IkiWiki::cgi_custom_failure(
74                         $cgi->header(-status => "403 Forbidden"),
75                         IkiWiki::cgitemplate($cgi, gettext("not a page"),
76                                 "<p>".
77                                 sprintf(gettext("%s is an attachment, not a page."),
78                                         htmllink("", "", $page)).
79                                 "</p>"));
80                 exit;
81         }
83         if (! $config{getsource_mimetype}) {
84                 $config{getsource_mimetype} = "text/plain; charset=utf-8";
85         }
87         print "Content-Type: $config{getsource_mimetype}\r\n";
88         print ("\r\n");
89         print readfile(srcfile($pagesources{$page}));
91         exit 0;
92 }
94 1