use IkiWiki;
use open qw{:utf8 :std};
-sub import { #{{{
+sub import {
hook(type => "getsetup", id => "editpage", call => \&getsetup);
hook(type => "refresh", id => "editpage", call => \&refresh);
hook(type => "sessioncgi", id => "editpage", call => \&IkiWiki::cgi_editpage);
-} # }}}
+}
-sub getsetup () { #{{{
+sub getsetup () {
return
plugin => {
safe => 1,
rebuild => 1,
},
-} #}}}
+}
sub refresh () {
if (exists $wikistate{editpage} && exists $wikistate{editpage}{previews}) {
# and other plugins use the functions below.
package IkiWiki;
-sub check_canedit ($$$;$) { #{{{
+sub check_canedit ($$$;$) {
my $page=shift;
my $q=shift;
my $session=shift;
}
}
});
- return $canedit;
-} #}}}
+ return defined $canedit ? $canedit : 1;
+}
+
+sub check_content (@) {
+ my %params=@_;
+
+ return 1 if ! exists $hooks{checkcontent}; # optimisation
+
+ if (exists $pagesources{$params{page}}) {
+ my @diff;
+ my %old=map { $_ => 1 }
+ split("\n", readfile(srcfile($pagesources{$params{page}})));
+ foreach my $line (split("\n", $params{content})) {
+ push @diff, $line if ! exists $old{$_};
+ }
+ $params{content}=join("\n", @diff);
+ }
+
+ my $ok;
+ run_hooks(checkcontent => sub {
+ return if defined $ok;
+ my $ret=shift->(%params);
+ if (defined $ret) {
+ if ($ret eq "") {
+ $ok=1;
+ }
+ elsif (ref $ret eq 'CODE') {
+ $ret->();
+ $ok=0;
+ }
+ elsif (defined $ret) {
+ error($ret);
+ }
+ }
+
+ });
+ return defined $ok ? $ok : 1;
+}
-sub cgi_editpage ($$) { #{{{
+sub cgi_editpage ($$) {
my $q=shift;
my $session=shift;
header => 0,
table => 0,
template => scalar template_params("editpage.tmpl"),
- wikiname => $config{wikiname},
);
decode_form_utf8($form);
my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||
file_pruned($page, $config{srcdir})) {
- error("bad page name");
+ error(gettext("bad page name"));
}
my $baseurl = urlto($page, undef, 1);
file_pruned($from, $config{srcdir}) ||
$from=~/^\// ||
$absolute ||
- $form->submitted eq "Preview") {
+ $form->submitted) {
@page_locs=$best_loc=$page;
}
else {
else {
# save page
check_canedit($page, $q, $session);
-
- # The session id is stored on the form and checked to
- # guard against CSRF. But only if the user is logged in,
- # as anonok can allow anonymous edits.
- if (defined $session->param("name")) {
- my $sid=$q->param('sid');
- if (! defined $sid || $sid ne $session->id) {
- error(gettext("Your login session has expired."));
- }
- }
+ checksessionexpiry($q, $session, $q->param('sid'));
my $exists=-e "$config{srcdir}/$file";
showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
exit;
}
+
+ my $message="";
+ if (defined $form->field('comments') &&
+ length $form->field('comments')) {
+ $message=$form->field('comments');
+ }
my $content=$form->field('editcontent');
+ check_content(content => $content, page => $page,
+ cgi => $q, session => $session,
+ subject => $message);
run_hooks(editcontent => sub {
$content=shift->(
content => $content,
my $conflict;
if ($config{rcs}) {
- my $message="";
- if (defined $form->field('comments') &&
- length $form->field('comments')) {
- $message=$form->field('comments');
- }
-
if (! $exists) {
rcs_add($file);
}
}
exit;
-} #}}}
+}
1