]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Render.pm
meta: Security fix; don't allow alternative stylesheets to be added on pages where...
[git.ikiwiki.info.git] / IkiWiki / Render.pm
index 1114e05c8615d9f2861c39f7160747eeab8f2107..a653ab2da02e542828349c3d9f3ac200340608f4 100644 (file)
@@ -43,7 +43,7 @@ sub backlinks ($) {
        my @links;
        foreach my $p (backlink_pages($page)) {
                my $href=urlto($p, $page);
-                
+
                # Trim common dir prefixes from both pages.
                my $p_trimmed=$p;
                my $page_trimmed=$page;
@@ -62,8 +62,8 @@ sub genpage ($$) {
        my $page=shift;
        my $content=shift;
        
-       run_hooks(postscan => sub {
-               shift->(page => $page, content => $content);
+       run_hooks(indexhtml => sub {
+               shift->(page => $page, destpage => $page, content => $content);
        });
 
        my $templatefile;
@@ -74,20 +74,24 @@ sub genpage ($$) {
                        $templatefile=$file;
                }
        });
-       my $template=template(defined $templatefile ? $templatefile : 'page.tmpl', blind_cache => 1);
-       my $actions=0;
+       my $template;
+       if (defined $templatefile) {
+               $template=template_depends($templatefile, $page,
+                       blind_cache => 1);
+       }
+       else {
+               # no explicit depends as special case
+               $template=template('page.tmpl', 
+                       blind_cache => 1);
+       }
 
+       my $actions=0;
        if (length $config{cgiurl}) {
                if (IkiWiki->can("cgi_editpage")) {
                        $template->param(editurl => cgiurl(do => "edit", page => $page));
                        $actions++;
                }
-               if (exists $hooks{auth}) {
-                       $template->param(prefsurl => cgiurl(do => "prefs"));
-                       $actions++;
-               }
        }
-               
        if (defined $config{historyurl} && length $config{historyurl}) {
                my $u=$config{historyurl};
                $u=~s/\[\[file\]\]/$pagesources{$page}/g;
@@ -102,10 +106,10 @@ sub genpage ($$) {
                        $actions++;
                }
        }
-
        if ($actions) {
                $template->param(have_actions => 1);
        }
+       templateactions($template, $page);
 
        my @backlinks=sort { $a->{page} cmp $b->{page} } backlinks($page);
        my ($backlinks, $more_backlinks);
@@ -127,8 +131,9 @@ sub genpage ($$) {
                backlinks => $backlinks,
                more_backlinks => $more_backlinks,
                mtime => displaytime($pagemtime{$page}),
-               ctime => displaytime($pagectime{$page}),
+               ctime => displaytime($pagectime{$page}, undef, 1),
                baseurl => baseurl($page),
+               html5 => $config{html5},
        );
 
        run_hooks(pagetemplate => sub {
@@ -286,64 +291,68 @@ sub find_src_files () {
        my %pages;
        eval q{use File::Find};
        error($@) if $@;
-       find({
-               no_chdir => 1,
-               wanted => sub {
-                       my $file=decode_utf8($_);
-                       $file=~s/^\Q$config{srcdir}\E\/?//;
-                       return if -l $_ || -d _ || ! length $file;
-                       my $page = pagename($file);
-                       if (! exists $pagesources{$page} &&
-                           file_pruned($file)) {
-                               $File::Find::prune=1;
-                               return;
-                       }
 
-                       my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
-                       if (! defined $f) {
-                               warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
-                       }
-                       else {
-                               push @files, $f;
-                               if ($pages{$page}) {
-                                       debug(sprintf(gettext("%s has multiple possible source pages"), $page));
+       eval q{use Cwd};
+       die $@ if $@;
+       my $origdir=getcwd();
+       my $abssrcdir=Cwd::abs_path($config{srcdir});
+
+       my ($page, $underlay);
+       my $helper=sub {
+               my $file=decode_utf8($_);
+
+               return if -l $file || -d _;
+               $file=~s/^\.\///;
+               return if ! length $file;
+               $page = pagename($file);
+               if (! exists $pagesources{$page} &&
+                   file_pruned($file)) {
+                       $File::Find::prune=1;
+                       return;
+               }
+
+               my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+               if (! defined $f) {
+                       warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
+                       return;
+               }
+       
+               if ($underlay) {
+                       # avoid underlaydir override attacks; see security.mdwn
+                       if (! -l "$abssrcdir/$f" && ! -e _) {
+                               if (! $pages{$page}) {
+                                       push @files, $f;
+                                       $pages{$page}=1;
                                }
-                               $pages{$page}=1;
                        }
-               },
-       }, $config{srcdir});
-       foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
-               find({
-                       no_chdir => 1,
-                       wanted => sub {
-                               my $file=decode_utf8($_);
-                               $file=~s/^\Q$dir\E\/?//;
-                               return if -l $_ || -d _ || ! length $file;
-                               my $page=pagename($file);
-                               if (! exists $pagesources{$page} &&
-                                   file_pruned($file)) {
-                                       $File::Find::prune=1;
-                                       return;
-                               }
+               }
+               else {
+                       push @files, $f;
+                       if ($pages{$page}) {
+                               debug(sprintf(gettext("%s has multiple possible source pages"), $page));
+                       }
+                       $pages{$page}=1;
+               }
+       };
 
-                               my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
-                               if (! defined $f) {
-                                       warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
-                               }
-                               else {
-                                       # avoid underlaydir override
-                                       # attacks; see security.mdwn
-                                       if (! -l "$config{srcdir}/$f" && 
-                                           ! -e _) {
-                                               if (! $pages{$page}) {
-                                                       push @files, $f;
-                                                       $pages{$page}=1;
-                                               }
-                                       }
-                               }
-                       },
-               }, $dir);
+       chdir($config{srcdir}) || die "chdir $config{srcdir}: $!";
+       find({
+               no_chdir => 1,
+               wanted => $helper,
+       }, '.');
+       chdir($origdir) || die "chdir $origdir: $!";
+
+       $underlay=1;
+       foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
+               if (chdir($_)) {
+                       find({
+                               no_chdir => 1,
+                               wanted => $helper,
+                       }, '.');
+                       chdir($origdir) || die "chdir: $!";
+               }
        };
+
        return \@files, \%pages;
 }
 
@@ -356,6 +365,35 @@ sub find_new_files ($) {
 
        foreach my $file (@$files) {
                my $page=pagename($file);
+
+               if ($config{rcs} && $config{gettime} &&
+                   -e "$config{srcdir}/$file") {
+                       if (! $times_noted) {
+                               debug(sprintf(gettext("querying %s for file creation and modification times.."), $config{rcs}));
+                               $times_noted=1;
+                       }
+
+                       eval {
+                               my $ctime=rcs_getctime($file);
+                               if ($ctime > 0) {
+                                       $pagectime{$page}=$ctime;
+                               }
+                       };
+                       if ($@) {
+                               print STDERR $@;
+                       }
+                       my $mtime;
+                       eval {
+                               $mtime=rcs_getmtime($file);
+                       };
+                       if ($@) {
+                               print STDERR $@;
+                       }
+                       elsif ($mtime > 0) {
+                               utime($mtime, $mtime, "$config{srcdir}/$file");
+                       }
+               }
+
                if (exists $pagesources{$page} && $pagesources{$page} ne $file) {
                        # the page has changed its type
                        $forcerebuild{$page}=1;
@@ -365,34 +403,8 @@ sub find_new_files ($) {
                        if (isinternal($page)) {
                                push @internal_new, $file;
                        }
-                       elsif ($config{rcs}) {
+                       else {
                                push @new, $file;
-                               if ($config{gettime} && -e "$config{srcdir}/$file") {
-                                       if (! $times_noted) {
-                                               debug(sprintf(gettext("querying %s for file creation and modification times.."), $config{rcs}));
-                                               $times_noted=1;
-                                       }
-
-                                       eval {
-                                               my $ctime=rcs_getctime("$config{srcdir}/$file");
-                                               if ($ctime > 0) {
-                                                       $pagectime{$page}=$ctime;
-                                               }
-                                       };
-                                       if ($@) {
-                                               print STDERR $@;
-                                       }
-                                       my $mtime;
-                                       eval {
-                                               $mtime=rcs_getmtime("$config{srcdir}/$file");
-                                       };
-                                       if ($@) {
-                                               print STDERR $@;
-                                       }
-                                       elsif ($mtime > 0) {
-                                               utime($mtime, $mtime, "$config{srcdir}/$file");
-                                       }
-                               }
                        }
                        $pagecase{lc $page}=$page;
                        if (! exists $pagectime{$page}) {
@@ -409,7 +421,7 @@ sub find_del_files ($) {
        my @del;
        my @internal_del;
 
-       foreach my $page (keys %pagemtime) {
+       foreach my $page (keys %pagesources) {
                if (! $pages->{$page}) {
                        if (isinternal($page)) {
                                push @internal_del, $pagesources{$page};
@@ -431,7 +443,7 @@ sub remove_del (@) {
        foreach my $file (@_) {
                my $page=pagename($file);
                if (! isinternal($page)) {
-                       debug(sprintf(gettext("removing old page %s"), $page));
+                       debug(sprintf(gettext("removing obsolete %s"), $page));
                }
        
                foreach my $old (@{$oldrenderedfiles{$page}}) {
@@ -445,6 +457,7 @@ sub remove_del (@) {
                }
        
                delete $pagecase{lc $page};
+               $delpagesources{$page}=$pagesources{$page};
                delete $pagesources{$page};
        }
 }
@@ -526,7 +539,7 @@ sub link_types_changed ($$) {
        my $old = shift;
 
        return 0 if !defined $new && !defined $old;
-       return 1 if !defined $new || !defined $old;
+       return 1 if (!defined $new && %$old) || (!defined $old && %$new);
 
        while (my ($type, $links) = each %$new) {
                foreach my $link (keys %$links) {
@@ -591,13 +604,23 @@ sub render_dependent ($$$$$$$) {
        
        my %lc_changed = map { lc(pagename($_)) => 1 } @changed;
        my %lc_exists_changed = map { lc(pagename($_)) => 1 } @exists_changed;
+
+       foreach my $p ("templates/page.tmpl", keys %{$depends_simple{""}}) {
+               if ($rendered{$p} || grep { $_ eq $p } @$del) {
+                       foreach my $f (@$files) {
+                               next if $rendered{$f};
+                               render($f, sprintf(gettext("building %s, which depends on %s"), $f, $p));
+                       }
+                       return 0;
+               }
+       }
         
        foreach my $f (@$files) {
                next if $rendered{$f};
                my $p=pagename($f);
                my $reason = undef;
-       
-               if (exists $depends_simple{$p}) {
+
+               if (exists $depends_simple{$p} && ! defined $reason) {
                        foreach my $d (keys %{$depends_simple{$p}}) {
                                if (($depends_simple{$p}{$d} & $IkiWiki::DEPEND_CONTENT &&
                                     $lc_changed{$d})
@@ -622,7 +645,7 @@ sub render_dependent ($$$$$$$) {
                                # only consider internal files
                                # if the page explicitly depends
                                # on such files
-                               my $internal_dep=$dep =~ /internal\(/;
+                               my $internal_dep=$dep =~ /(?:internal|comment|comment_pending)\(/;
 
                                my $in=sub {
                                        my $list=shift;
@@ -634,34 +657,35 @@ sub render_dependent ($$$$$$$) {
                                                        if ($type == $IkiWiki::DEPEND_LINKS) {
                                                                next unless $linkchangers->{lc($page)};
                                                        }
-                                                       return $page;
+                                                       $reason=$page;
+                                                       return 1;
                                                }
                                        }
                                        return undef;
                                };
 
                                if ($depends{$p}{$dep} & $IkiWiki::DEPEND_CONTENT) {
-                                       last if $reason =
-                                               $in->(\@changed, $IkiWiki::DEPEND_CONTENT);
-                                       last if $internal_dep && ($reason =
+                                       last if $in->(\@changed, $IkiWiki::DEPEND_CONTENT);
+                                       last if $internal_dep && (
                                                $in->($internal_new, $IkiWiki::DEPEND_CONTENT) ||
                                                $in->($internal_del, $IkiWiki::DEPEND_CONTENT) ||
-                                               $in->($internal_changed, $IkiWiki::DEPEND_CONTENT));
+                                               $in->($internal_changed, $IkiWiki::DEPEND_CONTENT)
+                                       );
                                }
                                if ($depends{$p}{$dep} & $IkiWiki::DEPEND_PRESENCE) {
-                                       last if $reason = 
-                                               $in->(\@exists_changed, $IkiWiki::DEPEND_PRESENCE);
-                                       last if $internal_dep && ($reason =
+                                       last if $in->(\@exists_changed, $IkiWiki::DEPEND_PRESENCE);
+                                       last if $internal_dep && (
                                                $in->($internal_new, $IkiWiki::DEPEND_PRESENCE) ||
-                                               $in->($internal_del, $IkiWiki::DEPEND_PRESENCE));
+                                               $in->($internal_del, $IkiWiki::DEPEND_PRESENCE)
+                                       );
                                }
                                if ($depends{$p}{$dep} & $IkiWiki::DEPEND_LINKS) {
-                                       last if $reason =
-                                               $in->(\@changed, $IkiWiki::DEPEND_LINKS);
-                                       last if $internal_dep && ($reason =
+                                       last if $in->(\@changed, $IkiWiki::DEPEND_LINKS);
+                                       last if $internal_dep && (
                                                $in->($internal_new, $IkiWiki::DEPEND_LINKS) ||
                                                $in->($internal_del, $IkiWiki::DEPEND_LINKS) ||
-                                               $in->($internal_changed, $IkiWiki::DEPEND_LINKS));
+                                               $in->($internal_changed, $IkiWiki::DEPEND_LINKS)
+                                       );
                                }
                        }
                }
@@ -685,6 +709,49 @@ sub render_backlinks ($) {
        }
 }
 
+sub gen_autofile ($$$) {
+       my $autofile=shift;
+       my $pages=shift;
+       my $del=shift;
+
+       if (file_pruned($autofile)) {
+               return;
+       }
+
+       my ($file)="$config{srcdir}/$autofile" =~ /$config{wiki_file_regexp}/; # untaint
+       if (! defined $file) {
+               return;
+       }
+
+       # Remember autofiles that were tried, and never try them again later.
+       if (exists $wikistate{$autofiles{$autofile}{plugin}}{autofile}{$autofile}) {
+               return;
+       }
+       $wikistate{$autofiles{$autofile}{plugin}}{autofile}{$autofile}=1;
+
+       if (srcfile($autofile, 1) || file_pruned($autofile)) {
+               return;
+       }
+       
+       if (-l $file || -d _ || -e _) {
+               return;
+       }
+
+       my $page = pagename($file);
+       if ($pages->{$page}) {
+               return;
+       }
+
+       if (grep { $_ eq $autofile } @$del) {
+               return;
+       }
+
+       $autofiles{$autofile}{generator}->();
+       $pages->{$page}=1;
+       return 1;
+}
+
+
 sub refresh () {
        srcdir_check();
        run_hooks(refresh => sub { shift->() });
@@ -699,6 +766,16 @@ sub refresh () {
                scan($file);
        }
 
+       foreach my $autofile (keys %autofiles) {
+               if (gen_autofile($autofile, $pages, $del)) {
+                       push @{$files}, $autofile;
+                       push @{$new}, $autofile if find_new_files([$autofile]);
+                       push @{$changed}, $autofile if find_changed([$autofile]);
+                       
+                       scan($autofile);
+               }
+       }
+
        calculate_links();
        
        remove_del(@$del, @$internal_del);
@@ -716,7 +793,7 @@ sub refresh () {
        foreach my $file (@$new, @$del) {
                render_linkers($file);
        }
-       
+
        if (@$changed || @$internal_changed ||
            @$del || @$internal_del || @$internal_new) {
                1 while render_dependent($files, $new, $internal_new,
@@ -727,8 +804,8 @@ sub refresh () {
        render_backlinks($backlinkchanged);
        remove_unrendered();
 
-       if (@$del) {
-               run_hooks(delete => sub { shift->(@$del) });
+       if (@$del || @$internal_del) {
+               run_hooks(delete => sub { shift->(@$del, @$internal_del) });
        }
        if (%rendered) {
                run_hooks(change => sub { shift->(keys %rendered) });