some notes about the security (or lack thereof) of plugins
[git.ikiwiki.info.git] / IkiWiki / Plugin / aggregate.pm
index d59f84450b797c4f55158c6587e1fce7f8edb7c8..2e1ab66e644775faad5b0bcbc231bb5fbd1e0e95 100644 (file)
@@ -5,38 +5,38 @@ package IkiWiki::Plugin::aggregate;
 use warnings;
 use strict;
 use IkiWiki;
+use HTML::Entities;
+use HTML::Parser;
+use HTML::Tagset;
+use URI;
 
 my %feeds;
 my %guids;
 
 sub import { #{{{
-       IkiWiki::hook(type => "getopt", id => "aggregate", 
-               call => \&getopt);
-       IkiWiki::hook(type => "checkconfig", id => "aggregate",
-               call => \&checkconfig);
-       IkiWiki::hook(type => "filter", id => "aggregate", 
-               call => \&filter);
-       IkiWiki::hook(type => "preprocess", id => "aggregate",
-               call => \&preprocess);
-        IkiWiki::hook(type => "delete", id => "aggregate",
-                call => \&delete);
-       IkiWiki::hook(type => "savestate", id => "aggregate",
-               call => \&savestate);
+       hook(type => "getopt", id => "aggregate", call => \&getopt);
+       hook(type => "checkconfig", id => "aggregate", call => \&checkconfig);
+       hook(type => "filter", id => "aggregate", call => \&filter);
+       hook(type => "preprocess", id => "aggregate", call => \&preprocess);
+        hook(type => "delete", id => "aggregate", call => \&delete);
+       hook(type => "savestate", id => "aggregate", call => \&savestate);
 } # }}}
 
 sub getopt () { #{{{
         eval q{use Getopt::Long};
         Getopt::Long::Configure('pass_through');
-        GetOptions("aggregate" => \$IkiWiki::config{aggregate});
+        GetOptions("aggregate" => \$config{aggregate});
 } #}}}
 
 sub checkconfig () { #{{{
+       IkiWiki::lockwiki();
        loadstate();
-       if ($IkiWiki::config{aggregate}) {
+       if ($config{aggregate}) {
                IkiWiki::loadindex();
                aggregate();
                savestate();
        }
+       IkiWiki::unlockwiki();
 } #}}}
 
 sub filter (@) { #{{{
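Review bot: The wiki lock taken at the top of checkconfig is held for the whole of aggregate(), and the release is skipped if anything inside dies. aggregate() fetches remote feeds and its visible context contains `die $@ if $@;`, so a slow feed host keeps other wiki operations waiting on the lock, and a failure leaves cleanup to whatever lockwiki does at process exit (not visible in this diff). Guarding the release keeps the unlock on every path: `my $ok=eval { aggregate(); savestate(); 1 }; my $err=$@; IkiWiki::unlockwiki(); die $err unless $ok;`. A fetch timeout would bound how long the lock can be held.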
@@ -70,9 +70,9 @@ sub preprocess (@) { #{{{
        $feed->{name}=$name;
        $feed->{sourcepage}=$params{page};
        $feed->{url}=$params{url};
-       my $dir=exists $params{dir} ? $params{dir} : IkiWiki::titlepage($params{name});
+       my $dir=exists $params{dir} ? $params{dir} : $params{page}."/".IkiWiki::titlepage($params{name});
        $dir=~s/^\/+//;
-       ($dir)=$dir=~/$IkiWiki::config{wiki_file_regexp}/;
+       ($dir)=$dir=~/$config{wiki_file_regexp}/;
        $feed->{dir}=$dir;
        $feed->{feedurl}=defined $params{feedurl} ? $params{feedurl} : "";
        $feed->{updateinterval}=defined $params{updateinterval} ? $params{updateinterval} * 60 : 15 * 60;
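Review bot: `$dir` is used unvalidated after the `wiki_file_regexp` capture: it comes from the directive's `dir` parameter with only leading slashes stripped, it is undef when the regexp does not match, and nothing here rejects `..` segments. That matters more with this commit, because the add_page hunk (`-252,19`) drops `$page=~s/\.\.//g`, which was the only visible filter covering the directory part of the generated page path; whether `wiki_file_regexp` or writefile refuses such paths cannot be seen from the diff. A guard right after the capture, e.g. `return "[[aggregate bad dir]]" if ! defined $dir || ! length $dir || $dir=~m!(^|/)\.\.(/|$)!;`, would fail closed. preprocess starts and ends outside this hunk.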
@@ -83,6 +83,7 @@ sub preprocess (@) { #{{{
        $feed->{numposts}=0 unless defined $feed->{numposts};
        $feed->{newposts}=0 unless defined $feed->{newposts};
        $feed->{message}="new feed" unless defined $feed->{message};
+       $feed->{error}=0 unless defined $feed->{error};
        $feed->{tags}=[];
        while (@_) {
                my $key=shift;
@@ -93,8 +94,11 @@ sub preprocess (@) { #{{{
        }
 
        return "<a href=\"".$feed->{url}."\">".$feed->{name}."</a>: ".
-              "<i>".$feed->{message}."</i> (".$feed->{numposts}.
-              " stored posts; ".$feed->{newposts}." new)<br />";
+              ($feed->{error} ? "<em>" : "").$feed->{message}.
+              ($feed->{error} ? "</em>" : "").
+              " (".$feed->{numposts}." posts".
+              ($feed->{newposts} ? "; ".$feed->{newposts}." new" : "").
+              ")";
 } # }}}
 
 sub delete (@) { #{{{
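Review bot: `$feed->{message}`, `$feed->{name}` and `$feed->{url}` are concatenated into the returned HTML without entity encoding. The message can carry `XML::Feed->errstr` or the text of `$@` (both set in aggregate), so part of it is controlled by the remote feed host, while name and url come from the directive. HTML::Entities is imported at the top of the file by this commit, so `encode_entities($feed->{message})`, and the same for name and url, is available; whether a later sanitizing pass cleans this output is not visible here. preprocess starts outside this hunk.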
@@ -102,17 +106,15 @@ sub delete (@) { #{{{
 
        # Remove feed data for removed pages.
        foreach my $file (@files) {
-               my $page=IkiWiki::pagename($file);
+               my $page=pagename($file);
                remove_feeds($page);
        }
 } #}}}
 
 sub loadstate () { #{{{
-       eval q{use HTML::Entities};
-       die $@ if $@;
-       if (-e "$IkiWiki::config{wikistatedir}/aggregate") {
-               open (IN, "$IkiWiki::config{wikistatedir}/aggregate" ||
-                       die "$IkiWiki::config{wikistatedir}/aggregate: $!");
+       if (-e "$config{wikistatedir}/aggregate") {
+               open (IN, "$config{wikistatedir}/aggregate" ||
+                       die "$config{wikistatedir}/aggregate: $!");
                while (<IN>) {
                        $_=IkiWiki::possibly_foolish_untaint($_);
                        chomp;
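Review bot: The `|| die` in the rewritten `open (IN, "$config{wikistatedir}/aggregate" || die ...)` binds to the filename string, which is always true, so a failed open is never reported and the `while (<IN>)` loop silently reads nothing. The same pattern is kept for `open (OUT, ">$config{wikistatedir}/aggregate" || die ...)` in the savestate hunk (`-146,8`), where a failed open means the feed state is lost without any error. Both are also two-argument opens, where the mode is parsed out of the interpolated path. Suggested form: `open (IN, "<", "$config{wikistatedir}/aggregate") || die "$config{wikistatedir}/aggregate: $!";`, and `open (OUT, ">", ...)` likewise. loadstate continues past the end of this hunk.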
@@ -146,8 +148,8 @@ sub loadstate () { #{{{
 sub savestate () { #{{{
        eval q{use HTML::Entities};
        die $@ if $@;
-       open (OUT, ">$IkiWiki::config{wikistatedir}/aggregate" ||
-               die "$IkiWiki::config{wikistatedir}/aggregate: $!");
+       open (OUT, ">$config{wikistatedir}/aggregate" ||
+               die "$config{wikistatedir}/aggregate: $!");
        foreach my $data (values %feeds, values %guids) {
                if ($data->{remove}) {
                        if ($data->{name}) {
@@ -188,18 +190,20 @@ sub aggregate () { #{{{
        die $@ if $@;
 
        foreach my $feed (values %feeds) {
-               next unless time - $feed->{lastupdate} >= $feed->{updateinterval};
+               next unless $config{rebuild} || 
+                       time - $feed->{lastupdate} >= $feed->{updateinterval};
                $feed->{lastupdate}=time;
                $feed->{newposts}=0;
                $IkiWiki::forcerebuild{$feed->{sourcepage}}=1;
 
-               IkiWiki::debug("checking feed ".$feed->{name}." ...");
+               debug("checking feed ".$feed->{name}." ...");
 
                if (! length $feed->{feedurl}) {
                        my @urls=XML::Feed->find_feeds($feed->{url});
                        if (! @urls) {
                                $feed->{message}="could not find feed at ".$feed->{feedurl};
-                               IkiWiki::debug($feed->{message});
+                               $feed->{error}=1;
+                               debug($feed->{message});
                                next;
                        }
                        $feed->{feedurl}=pop @urls;
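Review bot: `$feed->{url}` and `$feed->{feedurl}` come from the directive and are handed to `XML::Feed->find_feeds` here and to `XML::Feed->parse(URI->new(...))` in the next hunk (`-207,12`) with no check on the URL scheme or host. Anyone who can edit a page can therefore make the wiki host issue requests to a location of their choosing, which, depending on how XML::Feed's fetcher is configured, may include non-HTTP schemes or internal addresses. A check before either call, such as `next unless (URI->new($feed->{url})->scheme || "") =~ /^https?$/i;` (and the same for feedurl), limits this. With `$config{rebuild}` now bypassing the update interval, every rebuild triggers these fetches. Separately, the "could not find feed at" message interpolates `$feed->{feedurl}`, which is empty on that branch; `$feed->{url}` is the value that was probed.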
@@ -207,12 +211,14 @@ sub aggregate () { #{{{
                my $f=eval{XML::Feed->parse(URI->new($feed->{feedurl}))};
                if ($@) {
                        $feed->{message}="feed crashed XML::Feed! $@";
-                       IkiWiki::debug($feed->{message});
+                       $feed->{error}=1;
+                       debug($feed->{message});
                        next;
                }
                if (! $f) {
                        $feed->{message}=XML::Feed->errstr;
-                       IkiWiki::debug($feed->{message});
+                       $feed->{error}=1;
+                       debug($feed->{message});
                        next;
                }
 
@@ -227,7 +233,9 @@ sub aggregate () { #{{{
                        );
                }
 
-               $feed->{message}="processed ok";
+               $feed->{message}="processed ok at ".
+                       displaytime($feed->{lastupdate});
+               $feed->{error}=0;
        }
 
        # TODO: expiry
@@ -252,19 +260,22 @@ sub add_page (@) { #{{{
                $feed->{newposts}++;
 
                # assign it an unused page
-               my $page=$feed->{dir}."/".IkiWiki::titlepage($params{title});
-               ($page)=$page=~/$IkiWiki::config{wiki_file_regexp}/;
+               my $page=IkiWiki::titlepage($params{title});
+               # escape slashes and periods in title so it doesn't specify
+               # directory name or trigger ".." disallowing code.
+               $page=~s!([/.])!"__".ord($1)."__"!eg;
+               $page=$feed->{dir}."/".$page;
+               ($page)=$page=~/$config{wiki_file_regexp}/;
                if (! defined $page || ! length $page) {
                        $page=$feed->{dir}."/item";
                }
-               $page=~s/\.\.//g; # avoid ".." directory tricks
                my $c="";
-               while (exists $IkiWiki::pagesources{$page.$c} ||
+               while (exists $IkiWiki::pagecase{lc $page.$c} ||
                       -e pagefile($page.$c)) {
                        $c++
                }
                $guid->{page}=$page;
-               IkiWiki::debug("creating new page $page");
+               debug("creating new page $page");
        }
        $guid->{feed}=$feed->{name};
        
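Review bot: The collision counter `$c` is computed by the `while` loop and then dropped, because the following statement assigns `$guid->{page}=$page;` without the suffix. When a page or file of that name already exists, the new item is written over it instead of getting a fresh name, so a feed entry whose title matches an existing page under the feed's dir replaces that page's content. `$guid->{page}=$page.$c;`, with the same value in the `debug` line, matches the intent stated in the "assign it an unused page" comment. The enclosing `if` block starts outside this hunk.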
@@ -274,22 +285,22 @@ sub add_page (@) { #{{{
        eval q{use Digest::MD5 'md5_hex'};
        require Encode;
        my $digest=md5_hex(Encode::encode_utf8($params{content}));
-       return unless ! exists $guid->{md5} || $guid->{md5} ne $digest;
+       return unless ! exists $guid->{md5} || $guid->{md5} ne $digest || $config{rebuild};
        $guid->{md5}=$digest;
 
        # Create the page.
-       my $template=IkiWiki::template("aggregatepost.tmpl", blind_cache => 1);
-       my $content=$params{content};
-       $params{content}=~s/(?<!\\)\[\[/\\\[\[/g; # escape accidental wikilinks
-                                                 # and preprocessor stuff
-       $template->param(content => $params{content});
-       $template->param(url => $feed->{url});
+       my $template=template("aggregatepost.tmpl", blind_cache => 1);
+       $template->param(title => $params{title})
+               if defined $params{title} && length($params{title});
+       $template->param(content => htmlescape(htmlabs($params{content}, $feed->{feedurl})));
        $template->param(name => $feed->{name});
-       $template->param(link => $params{link}) if defined $params{link};
+       $template->param(url => $feed->{url});
+       $template->param(permalink => urlabs($params{link}, $feed->{feedurl}))
+               if defined $params{link};
        if (ref $feed->{tags}) {
                $template->param(tags => [map { tag => $_ }, @{$feed->{tags}}]);
        }
-       IkiWiki::writefile($guid->{page}.".html", $IkiWiki::config{srcdir},
+       writefile(htmlpage($guid->{page}), $config{srcdir},
                $template->output);
 
        # Set the mtime, this lets the build process get the right creation
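Review bot: `permalink` is built from the feed's link and `title` from its title, both remote input, and neither is checked before reaching the template. `urlabs` resolves relative links but returns an already-absolute URL unchanged whatever its scheme, so a feed can supply a link that is not http(s). Whether aggregatepost.tmpl escapes these values, or a scrubber runs on the written page, is not visible in this diff. Restricting the link, e.g. `my $link=urlabs($params{link}, $feed->{feedurl}); $template->param(permalink => $link) if $link=~m!^https?://!i;`, keeps the check local to the plugin. add_page starts outside this hunk.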
@@ -297,6 +308,58 @@ sub add_page (@) { #{{{
        utime $mtime, $mtime, pagefile($guid->{page}) if defined $mtime;
 } #}}}
 
+sub htmlescape ($) { #{{{
+       # escape accidental wikilinks and preprocessor stuff
+       my $html=shift;
+       $html=~s/(?<!\\)\[\[/\\\[\[/g;
+       return $html;
+} #}}}
+
+sub urlabs ($$) { #{{{
+       my $url=shift;
+       my $urlbase=shift;
+
+       URI->new_abs($url, $urlbase)->as_string;
+} #}}}
+
+sub htmlabs ($$) { #{{{
+       # Convert links in html from relative to absolute.
+       # Note that this is a heuristic, which is not specified by the rss
+       # spec and may not be right for all feeds. Also, see Debian
+       # bug #381359.
+       my $html=shift;
+       my $urlbase=shift;
+
+       my $ret="";
+       my $p = HTML::Parser->new(api_version => 3);
+       $p->handler(default => sub { $ret.=join("", @_) }, "text");
+       $p->handler(start => sub {
+               my ($tagname, $pos, $text) = @_;
+               if (ref $HTML::Tagset::linkElements{$tagname}) {
+                       while (4 <= @$pos) {
+                               # use attribute sets from right to left
+                               # to avoid invalidating the offsets
+                               # when replacing the values
+                               my($k_offset, $k_len, $v_offset, $v_len) =
+                                       splice(@$pos, -4);
+                               my $attrname = lc(substr($text, $k_offset, $k_len));
+                               next unless grep { $_ eq $attrname } @{$HTML::Tagset::linkElements{$tagname}};
+                               next unless $v_offset; # 0 v_offset means no value
+                               my $v = substr($text, $v_offset, $v_len);
+                               $v =~ s/^([\'\"])(.*)\1$/$2/;
+                               my $new_v=urlabs($v, $urlbase);
+                               $new_v =~ s/\"/&quot;/g; # since we quote with ""
+                               substr($text, $v_offset, $v_len) = qq("$new_v");
+                       }
+               }
+               $ret.=$text;
+       }, "tagname, tokenpos, text");
+       $p->parse($html);
+       $p->eof;
+
+       return $ret;
+} #}}}
+
 sub remove_feeds () { #{{{
        my $page=shift;
 
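Review bot: `htmlescape` does no HTML escaping: it only backslash-escapes `[[` so that feed text is not read as a wikilink or preprocessor directive, and the markup from the feed is written to the page as is. The name invites a reader to assume the content has been made safe, which is the wrong assumption for remote feed input. Either rename it (for example `wikiescape`) or state the limit in its comment: `# Only neutralises "[[": does NOT escape HTML; feed markup passes through unsanitized.` `urlabs` has no comment at all; one line saying it resolves `$url` against `$urlbase` and returns a string would be enough.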
@@ -310,9 +373,9 @@ sub remove_feeds () { #{{{
 } #}}}
 
 sub pagefile ($) { #{{{
-       my $page=lc(shift);
+       my $page=shift;
 
-       return "$IkiWiki::config{srcdir}/$page.html";
+       return "$config{srcdir}/".htmlpage($page);
 } #}}}
 
 1