avoid keeping running if a DOS attack is possible
[git.ikiwiki.info.git] / IkiWiki / Plugin / recentchanges.pm
index e124a454089b2470907c19556461b84a8956966e..ef108b3f00d4f031ef3ca3b0f1bab228f0dce279 100644 (file)
@@ -3,19 +3,20 @@ package IkiWiki::Plugin::recentchanges;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 use Encode;
+use HTML::Entities;
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "recentchanges", call => \&getsetup);
        hook(type => "checkconfig", id => "recentchanges", call => \&checkconfig);
        hook(type => "refresh", id => "recentchanges", call => \&refresh);
        hook(type => "pagetemplate", id => "recentchanges", call => \&pagetemplate);
        hook(type => "htmlize", id => "_change", call => \&htmlize);
        hook(type => "cgi", id => "recentchanges", call => \&cgi);
-} #}}}
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
        return
                plugin => {
                        safe => 1,
@@ -35,14 +36,14 @@ sub getsetup () { #{{{
                        safe => 1,
                        rebuild => 0,
                },
-} #}}}
+}
 
-sub checkconfig () { #{{{
+sub checkconfig () {
        $config{recentchangespage}='recentchanges' unless defined $config{recentchangespage};
        $config{recentchangesnum}=100 unless defined $config{recentchangesnum};
-} #}}}
+}
 
-sub refresh ($) { #{{{
+sub refresh ($) {
        my %seen;
 
        # add new changes
@@ -56,10 +57,10 @@ sub refresh ($) { #{{{
                        unlink($config{srcdir}.'/'.$pagesources{$page});
                }
        }
-} #}}}
+}
 
 # Enable the recentchanges link on wiki pages.
-sub pagetemplate (@) { #{{{
+sub pagetemplate (@) {
        my %params=@_;
        my $template=$params{template};
        my $page=$params{page};
@@ -70,15 +71,15 @@ sub pagetemplate (@) { #{{{
                $template->param(recentchangesurl => urlto($config{recentchangespage}, $page));
                $template->param(have_actions => 1);
        }
-} #}}}
+}
 
 # Pages with extension _change have plain html markup, pass through.
-sub htmlize (@) { #{{{
+sub htmlize (@) {
        my %params=@_;
        return $params{content};
-} #}}}
+}
 
-sub cgi ($) { #{{{
+sub cgi ($) {
        my $cgi=shift;
        if (defined $cgi->param('do') && $cgi->param('do') eq "recentchanges_link") {
                # This is a link from a change page to some
@@ -94,6 +95,15 @@ sub cgi ($) { #{{{
 
                IkiWiki::loadindex();
 
+               # If the page is internal (like a comment), see if it has a
+               # permalink. Comments do.
+               if (IkiWiki::isinternal($page) &&
+                   defined $pagestate{$page}{meta}{permalink}) {
+                       IkiWiki::redirect($cgi,
+                                         $pagestate{$page}{meta}{permalink});
+                       exit;
+               }
+
                my $link=bestlink("", $page);
                if (! length $link) {
                        print "Content-type: text/html\n\n";
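Review bot: The redirect target in `IkiWiki::redirect($cgi, $pagestate{$page}{meta}{permalink})` is read from stored page metadata and sent to the browser with no check on where it points. `$page` appears to come from the request, though its assignment is outside this hunk. If an internal page's `permalink` can ever be set by a less-trusted author, this branch becomes an open redirect through the wiki's CGI. It is worth confirming that only trusted code writes that field for internal pages, or restricting the target to the wiki's own base URL before redirecting. At minimum the comment should record the assumption, e.g. `# permalink is stored metadata, not request data; assumed to point inside this wiki`. The body of cgi starts and ends outside the hunk.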
@@ -111,7 +121,7 @@ sub cgi ($) { #{{{
        }
 }
 
-sub store ($$$) { #{{{
+sub store ($$$) {
        my $change=shift;
 
        my $page="$config{recentchangespage}/change_".titlepage($change->{rev});
@@ -131,7 +141,7 @@ sub store ($$$) { #{{{
                                                do => "recentchanges_link",
                                                page => $_->{page}
                                        ).
-                                       "\">".
+                                       "\" rel=\"nofollow\">".
                                        pagetitle($_->{page}).
                                        "</a>"
                        }
@@ -159,11 +169,13 @@ sub store ($$$) { #{{{
                );
        }
 
-       # escape wikilinks and preprocessor stuff in commit messages
        if (ref $change->{message}) {
                foreach my $field (@{$change->{message}}) {
                        if (exists $field->{line}) {
-                               $field->{line} =~ s/(?<!\\)\[\[/\\\[\[/g;
+                               # escape html
+                               $field->{line} = encode_entities($field->{line});
+                               # escape links and preprocessor stuff
+                               $field->{line} = encode_entities($field->{line}, '\[\]');
                        }
                }
        }
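Review bot: Only the `line` entries of `$change->{message}` are entity-encoded here, while the following hunk still hands the whole `%$change` to `$template->param`. Other VCS-supplied fields (author, user and similar, if present) need to be escaped somewhere else, which is not visible in this hunk and should be confirmed. The two `encode_entities` calls are also order-dependent: the bracket pass emits `&#91;`/`&#93;`, which the HTML pass would re-encode if the calls were swapped. A comment such as `# order matters: HTML first, then brackets, or the bracket entities get double-encoded` would protect that. The default `encode_entities` set also encodes characters above 127, so this assumes the line is already a decoded character string rather than raw UTF-8 bytes. The body of store starts and ends outside the hunk.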
@@ -173,11 +185,10 @@ sub store ($$$) { #{{{
        $template->param(
                %$change,
                commitdate => displaytime($change->{when}, "%X %x"),
-               commitdate_raw => scalar localtime($change->{when}),
                wikiname => $config{wikiname},
        );
        
-       $template->param(permalink => $config{url}."$config{recentchangespage}/#change-".titlepage($change->{rev}))
+       $template->param(permalink => "$config{url}/$config{recentchangespage}/#change-".titlepage($change->{rev}))
                if exists $config{url};
        
        IkiWiki::run_hooks(pagetemplate => sub {
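Review bot: The new permalink string `"$config{url}/$config{recentchangespage}/#change-"` inserts a slash that the old concatenation did not, so a `url` setting ending in `/` would now produce `//` in the permalink. Whether `url` is normalised elsewhere is not visible here. The unchanged guard on the next line, `if exists $config{url}`, also passes when the key is present but undefined or empty, which would interpolate into a host-less permalink and raise an uninitialized-value warning. `if defined $config{url} && length $config{url};` is the tighter test. The body of store continues outside the hunk.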
@@ -190,6 +201,6 @@ sub store ($$$) { #{{{
        utime $change->{when}, $change->{when}, "$config{srcdir}/$file";
 
        return $page;
-} #}}}
+}
 
 1