Reference CVE-2016-4561 in 3.20141016.3 changelog
1 #!/usr/bin/perl
2 package IkiWiki::Plugin::flattr;
4 use warnings;
5 use strict;
6 use IkiWiki 3.00;
# Register this plugin's three hooks with ikiwiki, all under the id "flattr".
sub import {
	my %handler_for = (
		getsetup   => \&getsetup,
		preprocess => \&preprocess,
		format     => \&format,
	);

	# Registration order matches the hook order used before.
	foreach my $hook_type (qw{getsetup preprocess format}) {
		hook(type => $hook_type, id => "flattr", call => $handler_for{$hook_type});
	}
}
# Describe the plugin and its single setting, flattr_userid, as a flat
# key => hashref list.
# NOTE(review): both entries are flagged safe => 1; the value of
# flattr_userid is filtered to [-A-Za-z0-9_] in flattrjs() before it is
# placed in the generated script.
sub getsetup () {
	my %plugin_info = (
		safe => 1,
		rebuild => undef,
	);

	my %userid_option = (
		type => "string",
		example => 'joeyh',
		description => "userid or user name to use by default for Flattr buttons",
		advanced => 0,
		safe => 1,
		rebuild => undef,
	);

	return (
		plugin => \%plugin_info,
		flattr_userid => \%userid_option,
	);
}
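# Destination pages on which a flattr button was emitted; format() reads
# this to decide which pages need the loader script.
my %flattr_pages;

# Escape the characters that could close a double-quoted HTML attribute
# value or open a tag. '&' is deliberately left alone so that entity
# references already present in a value are not double-encoded.
sub _flattr_attr_escape {
	my $value=shift;
	return '' unless defined $value;

	my %entity_for=('"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
	$value=~s/(["<>])/$entity_for{$1}/g;
	return $value;
}

# Render a [[!flattr ]] directive as a FlattrButton anchor.
#
# Parameters (key => value list): page, destpage, and optionally url,
# title, description, language, uid, button, hidden, category, tags.
# Returns the HTML for the button.
#
# The directive parameters are page-author input, so everything placed
# inside an attribute is escaped; previously a '"' in url, title or a
# field value ended the attribute early and let the rest of the value be
# parsed as further markup.
sub preprocess (@) {
	my %params=@_;

	# Remember that the page being built carries a button.
	$flattr_pages{$params{destpage}}=1;

	# Default to the absolute URL of the page holding the directive.
	my $url=$params{url};
	if (! defined $url) {
		$url=urlto($params{page}, "", 1);
	}
	# NOTE(review): only attribute escaping is applied here; the URL
	# scheme is not checked in this sub, so filtering of script-bearing
	# hrefs presumably depends on a later sanitizing step -- confirm.

	# NOTE(review): a value containing ';' can still add extra entries
	# to the rev list, since ';' is the field separator.
	my @fields;
	foreach my $field (qw{language uid button hidden category tags}) {
		if (exists $params{$field}) {
			push @fields, _flattr_attr_escape("$field:$params{$field}");
		}
	}

	# description becomes element content, not an attribute, and is
	# passed through unchanged as before.
	return '<a class="FlattrButton" href="'._flattr_attr_escape($url).'"'.
		(exists $params{title} ? ' title="'._flattr_attr_escape($params{title}).'"' : '').
		' rev="flattr;'.join(';', @fields).';"'.
		'>'.
		(exists $params{description} ? $params{description} : '').
		'</a>';
}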
# Format hook: on pages that carry a flattr button, add flattr's
# javascript loader to the page content and return the result.
sub format (@) {
	my %params=@_;

	# Pages without a button are returned untouched.
	return $params{content} unless $flattr_pages{$params{page}};

	# Place the loader right after the first <body ...> tag that starts
	# a line.
	my $inserted=($params{content}=~s!^(<body[^>]*>)!$1.flattrjs()!em);
	if (! $inserted) {
		# no <body> tag, probably in preview mode
		$params{content}=flattrjs().$params{content};
	}

	return $params{content};
}
# Loader snippet, built on the first call to flattrjs() and reused after.
my $js_cached;

# Return the <script> block that loads flattr's javascript.
#
# When $config{flattr_userid} is set it is appended to the loader URL as
# the uid parameter. The value is reduced to [-A-Za-z0-9_] first, so it
# cannot close the single-quoted javascript string it is placed in.
#
# Every page that includes this snippet fetches and runs script from
# api.flattr.com; nothing here pins or verifies what that host serves.
sub flattrjs {
	unless (defined $js_cached) {
		my $js_url='https://api.flattr.com/js/0.5.0/load.js?mode=auto';

		my $default_uid=$config{flattr_userid};
		if (defined $default_uid) {
			# sanitize for inclusion in javascript
			$default_uid=~s/[^-A-Za-z0-9_]//g;
			$js_url.="&uid=$default_uid";
		}

		# This is Flattr's standard javascript snippet to include
		# their external javascript file, asynchronously.
		$js_cached=<<"EOF";
<script type="text/javascript">
<!--//--><![CDATA[//><!--
(function() {
        var s = document.createElement('script'), t = document.getElementsByTagName('script')[0];
        s.type = 'text/javascript';
        s.async = true;
        s.src = '$js_url';
        t.parentNode.insertBefore(s, t);
})();//--><!]]>
</script>
EOF
	}

	return $js_cached;
}
97 1