]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/lockedit.pm
meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl...
[git.ikiwiki.info.git] / IkiWiki / Plugin / lockedit.pm
1 #!/usr/bin/perl
2 package IkiWiki::Plugin::lockedit;
4 use warnings;
5 use strict;
6 use IkiWiki 3.00;
8 sub import {
9         hook(type => "getsetup", id => "lockedit", call => \&getsetup);
10         hook(type => "canedit", id => "lockedit", call => \&canedit);
11 }
13 sub getsetup () {
14         return
15                 plugin => {
16                         safe => 1,
17                         rebuild => 0,
18                         section => "auth",
19                 },
20                 locked_pages => {
21                         type => "pagespec",
22                         example => "!*/Discussion",
23                         description => "PageSpec controlling which pages are locked",
24                         link => "ikiwiki/PageSpec",
25                         safe => 1,
26                         rebuild => 0,
27                 },
28 }
30 sub canedit ($$) {
31         my $page=shift;
32         my $cgi=shift;
33         my $session=shift;
35         my $user=$session->param("name");
36         return undef if defined $user && IkiWiki::is_admin($user);
38         if (defined $config{locked_pages} && length $config{locked_pages} &&
39             pagespec_match($page, $config{locked_pages},
40                     user => $session->param("name"),
41                     ip => $session->remote_addr(),
42             )) {
43                 if ((! defined $user ||
44                     ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
45                     exists $IkiWiki::hooks{auth}) {
46                         return sub { IkiWiki::needsignin($cgi, $session) };
47                 }
48                 else {
49                         return sprintf(gettext("%s is locked and cannot be edited"),
50                                 htmllink("", "", $page, noimageinline => 1));
51                         
52                 }
53         }
55         return undef;
56 }
58 1