]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/goto.pm
describe unexpected situation where a logged-in user can delete other comments
[git.ikiwiki.info.git] / IkiWiki / Plugin / goto.pm
index 4fd1471e98db36e72a5ce5f9695a479c35591929..3a946b19da9a487a5e76b395a709a2629560dff4 100644 (file)
@@ -7,6 +7,7 @@ use IkiWiki 3.00;
 
 sub import {
        hook(type => "cgi", id => 'goto',  call => \&cgi);
 
 sub import {
        hook(type => "cgi", id => 'goto',  call => \&cgi);
+       hook(type => "getsetup", id => 'goto',  call => \&getsetup);
 }
 
 sub getsetup () {
 }
 
 sub getsetup () {
@@ -14,6 +15,7 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => 0,
                plugin => {
                        safe => 1,
                        rebuild => 0,
+                       section => "web",
                }
 }
 
                }
 }
 
@@ -25,28 +27,36 @@ sub cgi_goto ($;$) {
        my $page = shift;
 
        if (!defined $page) {
        my $page = shift;
 
        if (!defined $page) {
-               $page = IkiWiki::decode_utf8($q->param("page"));
+               $page = IkiWiki::decode_utf8(scalar $q->param("page"));
 
                if (!defined $page) {
                        error("missing page parameter");
                }
        }
 
 
                if (!defined $page) {
                        error("missing page parameter");
                }
        }
 
+       # It's possible that $page is not a valid page name;
+       # if so attempt to turn it into one.
+       if ($page !~ /$config{wiki_file_regexp}/) {
+               $page=titlepage($page);
+       }
+
        IkiWiki::loadindex();
 
        IkiWiki::loadindex();
 
-       # If the page is internal (like a comment), see if it has a
-       # permalink. Comments do.
-       if (IkiWiki::isinternal($page) &&
-           defined $pagestate{$page}{meta}{permalink}) {
-               Ikiwiki::redirect($q, $pagestate{$page}{meta}{permalink});
+       my $link;
+       if (! IkiWiki::isinternal($page)) {
+               $link = bestlink("", $page);
+       }
+       elsif (defined $pagestate{$page}{meta}{permalink}) {
+               # Can only redirect to an internal page if it has a
+               # permalink.
+               IkiWiki::redirect($q, $pagestate{$page}{meta}{permalink});
        }
 
        }
 
-       my $link = bestlink("", $page);
-
-       if (! length $link) {
+       if (! defined $link || ! length $link) {
                IkiWiki::cgi_custom_failure(
                IkiWiki::cgi_custom_failure(
-                       $q->header(-status => "404 Not Found"),
-                       IkiWiki::misctemplate(gettext("missing page"),
+                       $q,
+                       "404 Not Found",
+                       IkiWiki::cgitemplate($q, gettext("missing page"),
                                "<p>".
                                sprintf(gettext("The page %s does not exist."),
                                        htmllink("", "", $page)).
                                "<p>".
                                sprintf(gettext("The page %s does not exist."),
                                        htmllink("", "", $page)).
@@ -54,7 +64,7 @@ sub cgi_goto ($;$) {
                )
        }
        else {
                )
        }
        else {
-               IkiWiki::redirect($q, urlto($link, undef, 1));
+               IkiWiki::redirect($q, urlto($link));
        }
 
        exit;
        }
 
        exit;
@@ -65,7 +75,7 @@ sub cgi ($) {
        my $do = $cgi->param('do');
 
        if (defined $do && ($do eq 'goto' || $do eq 'commenter' ||
        my $do = $cgi->param('do');
 
        if (defined $do && ($do eq 'goto' || $do eq 'commenter' ||
-                              $do eq 'recentchanged_link')) {
+                              $do eq 'recentchanges_link')) {
                # goto is the preferred name for this; recentchanges_link and
                # commenter are for compatibility with any saved URLs
                cgi_goto($cgi);
                # goto is the preferred name for this; recentchanges_link and
                # commenter are for compatibility with any saved URLs
                cgi_goto($cgi);