]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/osm.pm
Add automated test for using the CGI with git, including CVE-2016-10026
[git.ikiwiki.info.git] / IkiWiki / Plugin / osm.pm
1 #!/usr/bin/perl
2 # Copyright 2011 Blars Blarson
3 # Released under GPL version 2
5 package IkiWiki::Plugin::osm;
6 use utf8;
7 use strict;
8 use warnings;
9 use IkiWiki 3.0;
11 sub import {
12         add_underlay("osm");
13         hook(type => "getsetup", id => "osm", call => \&getsetup);
14         hook(type => "format", id => "osm", call => \&format);
15         hook(type => "preprocess", id => "osm", call => \&preprocess);
16         hook(type => "preprocess", id => "waypoint", call => \&process_waypoint);
17         hook(type => "savestate", id => "waypoint", call => \&savestate);
18         hook(type => "cgi", id => "osm", call => \&cgi);
19 }
21 sub getsetup () {
22         return
23                 plugin => {
24                         safe => 1,
25                         rebuild => 1,
26                         section => "special-purpose",
27                 },
28                 osm_default_zoom => {
29                         type => "integer",
30                         example => "15",
31                         description => "the default zoom when you click on the map link",
32                         safe => 1,
33                         rebuild => 1,
34                 },
35                 osm_default_icon => {
36                         type => "string",
37                         example => "ikiwiki/images/osm.png",
38                         description => "the icon shown on links and on the main map",
39                         safe => 0,
40                         rebuild => 1,
41                 },
42                 osm_alt => {
43                         type => "string",
44                         example => "",
45                         description => "the alt tag of links, defaults to empty",
46                         safe => 0,
47                         rebuild => 1,
48                 },
49                 osm_format => {
50                         type => "string",
51                         example => "KML",
52                         description => "the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated)",
53                         safe => 1,
54                         rebuild => 1,
55                 },
56                 osm_tag_default_icon => {
57                         type => "string",
58                         example => "icon.png",
59                         description => "the icon attached to a tag, displayed on the map for tagged pages",
60                         safe => 0,
61                         rebuild => 1,
62                 },
63 }
65 sub preprocess {
66         my %params=@_;
67         my $page = $params{page};
68         my $dest = $params{destpage};
69         my $loc = $params{loc}; # sanitized below
70         my $lat = $params{lat}; # sanitized below
71         my $lon = $params{lon}; # sanitized below
72         my $href = $params{href};
74         my ($width, $height, $float);
75         $height = scrub($params{'height'} || "300px", $page, $dest); # sanitized here
76         $width = scrub($params{'width'} || "500px", $page, $dest); # sanitized here
77         $float = (defined($params{'right'}) && 'right') || (defined($params{'left'}) && 'left'); # sanitized here
78         
79         my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
80         my $map;
81         $map = $params{'map'} || 'map';
82         
83         $map = scrub($map, $page, $dest); # sanitized here
84         my $name = scrub($params{'name'} || $map, $page, $dest);
86         if (defined($lon) || defined($lat) || defined($loc)) {
87                 ($lon, $lat) = scrub_lonlat($loc, $lon, $lat);
88         }
90         if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
91                 error("Bad zoom");
92         }
94         if (! defined $href || ! length $href) {
95                 $href=IkiWiki::cgiurl(
96                         do => "osm",
97                         map => $map,
98                 );
99         }
101         $pagestate{$page}{'osm'}{$map}{'displays'}{$name} = {
102                 height => $height,
103                 width => $width,
104                 float => $float,
105                 zoom => $zoom,
106                 fullscreen => 0,
107                 editable => defined($params{'editable'}),
108                 lat => $lat,
109                 lon => $lon,
110                 href => $href,
111         };
112         return "<div id=\"mapdiv-$name\"></div>";
115 sub process_waypoint {
116         my %params=@_;
117         my $loc = $params{'loc'}; # sanitized below
118         my $lat = $params{'lat'}; # sanitized below
119         my $lon = $params{'lon'}; # sanitized below
120         my $page = $params{'page'}; # not sanitized?
121         my $dest = $params{'destpage'}; # not sanitized?
122         my $hidden = defined($params{'hidden'}); # sanitized here
123         my ($p) = $page =~ /(?:^|\/)([^\/]+)\/?$/; # shorter page name
124         my $name = scrub($params{'name'} || $p, $page, $dest); # sanitized here
125         my $desc = scrub($params{'desc'} || '', $page, $dest); # sanitized here
126         my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
127         my $icon = $config{'osm_default_icon'} || "ikiwiki/images/osm.png"; # sanitized: we trust $config
128         my $map = scrub($params{'map'} || 'map', $page, $dest); # sanitized here
129         my $alt = $config{'osm_alt'} ? "alt=\"$config{'osm_alt'}\"" : ''; # sanitized: we trust $config
130         if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
131                 error("Bad zoom");
132         }
134         ($lon, $lat) = scrub_lonlat($loc, $lon, $lat);
135         if (!defined($lat) || !defined($lon)) {
136                 error("Must specify lat and lon");
137         }
139         my $tag = $params{'tag'};
140         foreach my $t (keys %{$typedlinks{$page}{'tag'}}) {
141                 if ($icon = get_tag_icon($t)) {
142                         $tag = $t;
143                         last;
144                 }
145                 $t =~ s!/$config{'tagbase'}/!!;
146                 if ($icon = get_tag_icon($t)) {
147                         $tag = $t;
148                         last;
149                 }
150         }
151         $icon = urlto($icon, $dest, 1);
152         $tag = '' unless $tag;
153         if ($page eq $dest) {
154                 my %formats = get_formats();
155                 if ($formats{'GeoJSON'}) {
156                         will_render($page, "$map/pois.json");
157                 }
158                 if ($formats{'CSV'}) {
159                         will_render($page, "$map/pois.txt");
160                 }
161                 if ($formats{'KML'}) {
162                         will_render($page, "$map/pois.kml");
163                 }
164         }
165         $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name} = {
166                 page => $page,
167                 desc => $desc,
168                 icon => $icon,
169                 tag => $tag,
170                 lat => $lat,
171                 lon => $lon,
172                 # How to link back to the page from the map, not to be
173                 # confused with the URL of the map itself sent to the
174                 # embeded map below. Note: used in generated KML etc file,
175                 # so must be absolute.
176                 href => urlto($page),
177         };
179         my $mapurl = IkiWiki::cgiurl(
180                 do => "osm",
181                 map => $map,
182                 lat => $lat,
183                 lon => $lon,
184                 zoom => $zoom,
185         );
186         my $output = '';
187         if (defined($params{'embed'})) {
188                 $output .= preprocess(%params,
189                         href => $mapurl,
190                 );
191         }
192         if (!$hidden) {
193                 $output .= "<a href=\"$mapurl\"><img class=\"img\" src=\"$icon\" $alt /></a>";
194         }
195         return $output;
198 # get the icon from the given tag
199 sub get_tag_icon($) {
200         my $tag = shift;
201         # look for an icon attached to the tag
202         my $attached = $tag . '/' . $config{'osm_tag_default_icon'};
203         if (srcfile($attached)) {
204                 return $attached;
205         }
206         else {
207                 return undef;
208         }
211 sub scrub_lonlat($$$) {
212         my ($loc, $lon, $lat) = @_;
213         if ($loc) {
214                 if ($loc =~ /^\s*(\-?\d+(?:\.\d*°?|(?:°?|\s)\s*\d+(?:\.\d*\'?|(?:\'|\s)\s*\d+(?:\.\d*)?\"?|\'?)°?)[NS]?)\s*\,?\;?\s*(\-?\d+(?:\.\d*°?|(?:°?|\s)\s*\d+(?:\.\d*\'?|(?:\'|\s)\s*\d+(?:\.\d*)?\"?|\'?)°?)[EW]?)\s*$/) {
215                         $lat = $1;
216                         $lon = $2;
217                 }
218                 else {
219                         error("Bad loc");
220                 }
221         }
222         if (defined($lat)) {
223                 if ($lat =~ /^(\-?)(\d+)(?:(\.\d*)°?|(?:°|\s)\s*(\d+)(?:(\.\d*)\'?|(?:\'|\s)\s*(\d+(?:\.\d*)?\"?)|\'?)|°?)\s*([NS])?\s*$/) {
224                         $lat = $2 + ($3//0) + ((($4//0) + (($5//0) + (($6//0)/60.)))/60.);
225                         if (($1 eq '-') || (($7//'') eq 'S')) {
226                                 $lat = - $lat;
227                         }
228                 }
229                 else {
230                         error("Bad lat");
231                 }
232         }
233         if (defined($lon)) {
234                 if ($lon =~ /^(\-?)(\d+)(?:(\.\d*)°?|(?:°|\s)\s*(\d+)(?:(\.\d*)\'?|(?:\'|\s)\s*(\d+(?:\.\d*)?\"?)|\'?)|°?)\s*([EW])?$/) {
235                         $lon = $2 + ($3//0) + ((($4//0) + (($5//0) + (($6//0)/60.)))/60.);
236                         if (($1 eq '-') || (($7//'') eq 'W')) {
237                                 $lon = - $lon;
238                         }
239                 }
240                 else {
241                         error("Bad lon");
242                 }
243         }
244         if ($lat < -90 || $lat > 90 || $lon < -180 || $lon > 180) {
245                 error("Location out of range");
246         }
247         return ($lon, $lat);
250 sub savestate {
251         my %waypoints = ();
252         my %linestrings = ();
254         foreach my $page (keys %pagestate) {
255                 if (exists $pagestate{$page}{'osm'}) {
256                         foreach my $map (keys %{$pagestate{$page}{'osm'}}) {
257                                 foreach my $name (keys %{$pagestate{$page}{'osm'}{$map}{'waypoints'}}) {
258                                         debug("found waypoint $name");
259                                         $waypoints{$map}{$name} = $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name};
260                                 }
261                         }
262                 }
263         }
265         foreach my $page (keys %pagestate) {
266                 if (exists $pagestate{$page}{'osm'}) {
267                         foreach my $map (keys %{$pagestate{$page}{'osm'}}) {
268                                 # examine the links on this page
269                                 foreach my $name (keys %{$pagestate{$page}{'osm'}{$map}{'waypoints'}}) {
270                                         if (exists $links{$page}) {
271                                                 foreach my $otherpage (@{$links{$page}}) {
272                                                         if (exists $waypoints{$map}{$otherpage}) {
273                                                                 push(@{$linestrings{$map}}, [
274                                                                         [ $waypoints{$map}{$name}{'lon'}, $waypoints{$map}{$name}{'lat'} ],
275                                                                         [ $waypoints{$map}{$otherpage}{'lon'}, $waypoints{$map}{$otherpage}{'lat'} ]
276                                                                 ]);
277                                                         }
278                                                 }
279                                         }
280                                 }
281                         }
282                         # clear the state, it will be regenerated on the next parse
283                         # the idea here is to clear up removed waypoints...
284                         $pagestate{$page}{'osm'} = ();
285                 }
286         }
288         my %formats = get_formats();
289         if ($formats{'GeoJSON'}) {
290                 writejson(\%waypoints, \%linestrings);
291         }
292         if ($formats{'CSV'}) {
293                 writecsvs(\%waypoints, \%linestrings);
294         }
295         if ($formats{'KML'}) {
296                 writekml(\%waypoints, \%linestrings);
297         }
300 sub writejson($;$) {
301         my %waypoints = %{$_[0]};
302         my %linestrings = %{$_[1]};
303         eval q{use JSON};
304         error $@ if $@;
305         foreach my $map (keys %waypoints) {
306                 my %geojson = ( "type" => "FeatureCollection", "features" => []);
307                 foreach my $name (keys %{$waypoints{$map}}) {
308                         my %marker = ( "type" => "Feature",
309                                 "geometry" => { "type" => "Point", "coordinates" => [ $waypoints{$map}{$name}{'lon'}, $waypoints{$map}{$name}{'lat'} ] },
310                                 "properties" => $waypoints{$map}{$name} );
311                         push @{$geojson{'features'}}, \%marker;
312                 }
313                 foreach my $linestring (@{$linestrings{$map}}) {
314                         my %json  = ( "type" => "Feature",
315                                 "geometry" => { "type" => "LineString", "coordinates" => $linestring });
316                         push @{$geojson{'features'}}, \%json;
317                 }
318                 writefile("pois.json", $config{destdir} . "/$map", to_json(\%geojson));
319         }
322 sub writekml($;$) {
323         my %waypoints = %{$_[0]};
324         my %linestrings = %{$_[1]};
325         eval q{use XML::Writer};
326         error $@ if $@;
327         foreach my $map (keys %waypoints) {
328                 my $output;
329                 my $writer = XML::Writer->new( OUTPUT => \$output,
330                         DATA_MODE => 1, ENCODING => 'UTF-8');
331                 $writer->xmlDecl();
332                 $writer->startTag("kml", "xmlns" => "http://www.opengis.net/kml/2.2");
334                 # first pass: get the icons
335                 foreach my $name (keys %{$waypoints{$map}}) {
336                         my %options = %{$waypoints{$map}{$name}};
337                         $writer->startTag("Style", id => $options{tag});
338                         $writer->startTag("IconStyle");
339                         $writer->startTag("Icon");
340                         $writer->startTag("href");
341                         $writer->characters($options{icon});
342                         $writer->endTag();
343                         $writer->endTag();
344                         $writer->endTag();
345                         $writer->endTag();
346                 }
347         
348                 foreach my $name (keys %{$waypoints{$map}}) {
349                         my %options = %{$waypoints{$map}{$name}};
350                         $writer->startTag("Placemark");
351                         $writer->startTag("name");
352                         $writer->characters($name);
353                         $writer->endTag();
354                         $writer->startTag("styleUrl");
355                         $writer->characters('#' . $options{tag});
356                         $writer->endTag();
357                         #$writer->emptyTag('atom:link', href => $options{href});
358                         # to make it easier for us as the atom:link parameter is
359                         # hard to access from javascript
360                         $writer->startTag('href');
361                         $writer->characters($options{href});
362                         $writer->endTag();
363                         $writer->startTag("description");
364                         $writer->characters($options{desc});
365                         $writer->endTag();
366                         $writer->startTag("Point");
367                         $writer->startTag("coordinates");
368                         $writer->characters($options{lon} . "," . $options{lat});
369                         $writer->endTag();
370                         $writer->endTag();
371                         $writer->endTag();
372                 }
373                 
374                 my $i = 0;
375                 foreach my $linestring (@{$linestrings{$map}}) {
376                         $writer->startTag("Placemark");
377                         $writer->startTag("name");
378                         $writer->characters("linestring " . $i++);
379                         $writer->endTag();
380                         $writer->startTag("LineString");
381                         $writer->startTag("coordinates");
382                         my $str = '';
383                         foreach my $coord (@{$linestring}) {
384                                 $str .= join(',', @{$coord}) . " \n";
385                         }
386                         $writer->characters($str);
387                         $writer->endTag();
388                         $writer->endTag();
389                         $writer->endTag();
390                 }
391                 $writer->endTag();
392                 $writer->end();
394                 writefile("pois.kml", $config{destdir} . "/$map", $output);
395         }
398 sub writecsvs($;$) {
399         my %waypoints = %{$_[0]};
400         foreach my $map (keys %waypoints) {
401                 my $poisf = "lat\tlon\ttitle\tdescription\ticon\ticonSize\ticonOffset\n";
402                 foreach my $name (keys %{$waypoints{$map}}) {
403                         my %options = %{$waypoints{$map}{$name}};
404                         my $line = 
405                                 $options{'lat'} . "\t" .
406                                 $options{'lon'} . "\t" .
407                                 $name . "\t" .
408                                 $options{'desc'} . '<br /><a href="' . $options{'page'} . '">' . $name . "</a>\t" .
409                                 $options{'icon'} . "\n";
410                         $poisf .= $line;
411                 }
412                 writefile("pois.txt", $config{destdir} . "/$map", $poisf);
413         }
416 # pipe some data through the HTML scrubber
418 # code taken from the meta.pm plugin
419 sub scrub($$$) {
420         if (IkiWiki::Plugin::htmlscrubber->can("sanitize")) {
421                 return IkiWiki::Plugin::htmlscrubber::sanitize(
422                         content => shift, page => shift, destpage => shift);
423         }
424         else {
425                 return shift;
426         }
429 # taken from toggle.pm
430 sub format (@) {
431         my %params=@_;
433         if ($params{content}=~m!<div[^>]*id="mapdiv-[^"]*"[^>]*>!g) {
434                 if (! ($params{content}=~s!</body>!include_javascript($params{page})."</body>"!em)) {
435                         # no <body> tag, probably in preview mode
436                         $params{content}=$params{content} . include_javascript($params{page});
437                 }
438         }
439         return $params{content};
442 sub preferred_format() {
443         if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
444                 $config{'osm_format'} = 'KML';
445         }
446         my @spl = split(/, */, $config{'osm_format'});
447         return shift @spl;
450 sub get_formats() {
451         if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
452                 $config{'osm_format'} = 'KML';
453         }
454         map { $_ => 1 } split(/, */, $config{'osm_format'});
457 sub include_javascript ($) {
458         my $page=shift;
459         my $loader;
461         if (exists $pagestate{$page}{'osm'}) {
462                 foreach my $map (keys %{$pagestate{$page}{'osm'}}) {
463                         foreach my $name (keys %{$pagestate{$page}{'osm'}{$map}{'displays'}}) {
464                                 $loader .= map_setup_code($map, $name, %{$pagestate{$page}{'osm'}{$map}{'displays'}{$name}});
465                         }
466                 }
467         }
468         if ($loader) {
469                 return embed_map_code($page) . "<script type=\"text/javascript\" charset=\"utf-8\">$loader</script>";
470         }
471         else {
472                 return '';
473         }
476 sub cgi($) {
477         my $cgi=shift;
479         return unless defined $cgi->param('do') &&
480                 $cgi->param("do") eq "osm";
481         
482         IkiWiki::loadindex();
484         IkiWiki::decode_cgi_utf8($cgi);
486         my $map = $cgi->param('map');
487         if (!defined $map || $map !~ /^[a-z]*$/) {
488                 error("invalid map parameter");
489         }
491         print "Content-Type: text/html\r\n";
492         print ("\r\n");
493         print "<html><body>";
494         print "<div id=\"mapdiv-$map\"></div>";
495         print embed_map_code();
496         print "<script type=\"text/javascript\" charset=\"utf-8\">";
497         print map_setup_code($map, $map,
498                 lat => "urlParams['lat']",
499                 lon => "urlParams['lon']",
500                 zoom => "urlParams['zoom']",
501                 fullscreen => 1,
502                 editable => 1,
503         );
504         print "</script>";
505         print "</body></html>";
507         exit 0;
510 sub embed_map_code(;$) {
511         my $page=shift;
512         return '<script src="http://www.openlayers.org/api/OpenLayers.js" type="text/javascript" charset="utf-8"></script>'.
513                 '<script src="'.urlto("ikiwiki/osm.js", $page).
514                 '" type="text/javascript" charset="utf-8"></script>'."\n";
517 sub map_setup_code($;@) {
518         my $map=shift;
519         my $name=shift;
520         my %options=@_;
522         eval q{use JSON};
523         error $@ if $@;
524                                 
525         $options{'format'} = preferred_format();
527         my %formats = get_formats();
528         if ($formats{'GeoJSON'}) {
529                 $options{'jsonurl'} = urlto($map."/pois.json");
530         }
531         if ($formats{'CSV'}) {
532                 $options{'csvurl'} = urlto($map."/pois.txt");
533         }
534         if ($formats{'KML'}) {
535                 $options{'kmlurl'} = urlto($map."/pois.kml");
536         }
538         return "mapsetup('mapdiv-$name', " . to_json(\%options) . ");";
541 1;