]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/editpage.pm
po/todo: take note of the commit that will need to be reverted later
[git.ikiwiki.info.git] / IkiWiki / Plugin / editpage.pm
index fe2864bac7737cfdd151aec111ea81a966003f6b..480e82804a3beb599df3969d788508dd550bccb6 100644 (file)
@@ -6,19 +6,19 @@ use strict;
 use IkiWiki;
 use open qw{:utf8 :std};
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "editpage", call => \&getsetup);
        hook(type => "refresh", id => "editpage", call => \&refresh);
         hook(type => "sessioncgi", id => "editpage", call => \&IkiWiki::cgi_editpage);
-} # }}}
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
        return
                plugin => {
                        safe => 1,
                        rebuild => 1,
                },
-} #}}}
+}
 
 sub refresh () {
        if (exists $wikistate{editpage} && exists $wikistate{editpage}{previews}) {
@@ -54,7 +54,7 @@ sub refresh () {
 # and other plugins use the functions below.
 package IkiWiki;
 
-sub check_canedit ($$$;$) { #{{{
+sub check_canedit ($$$;$) {
        my $page=shift;
        my $q=shift;
        my $session=shift;
@@ -78,10 +78,47 @@ sub check_canedit ($$$;$) { #{{{
                        }
                }
        });
-       return $canedit;
-} #}}}
+       return defined $canedit ? $canedit : 1;
+}
+
+sub check_content (@) {
+       my %params=@_;
+       
+       return 1 if ! exists $hooks{checkcontent}; # optimisation
+
+       if (exists $pagesources{$params{page}}) {
+               my @diff;
+               my %old=map { $_ => 1 }
+                       split("\n", readfile(srcfile($pagesources{$params{page}})));
+               foreach my $line (split("\n", $params{content})) {
+                       push @diff, $line if ! exists $old{$_};
+               }
+               $params{diff}=join("\n", @diff);
+       }
+
+       my $ok;
+       run_hooks(checkcontent => sub {
+               return if defined $ok;
+               my $ret=shift->(%params);
+               if (defined $ret) {
+                       if ($ret eq "") {
+                               $ok=1;
+                       }
+                       elsif (ref $ret eq 'CODE') {
+                               $ret->() unless $params{nonfatal};
+                               $ok=0;
+                       }
+                       elsif (defined $ret) {
+                               error($ret) unless $params{nonfatal};
+                               $ok=0;
+                       }
+               }
+
+       });
+       return defined $ok ? $ok : 1;
+}
 
-sub cgi_editpage ($$) { #{{{
+sub cgi_editpage ($$) {
        my $q=shift;
        my $session=shift;
        
@@ -105,7 +142,6 @@ sub cgi_editpage ($$) { #{{{
                header => 0,
                table => 0,
                template => scalar template_params("editpage.tmpl"),
-               wikiname => $config{wikiname},
        );
        
        decode_form_utf8($form);
@@ -340,16 +376,7 @@ sub cgi_editpage ($$) { #{{{
        else {
                # save page
                check_canedit($page, $q, $session);
-       
-               # The session id is stored on the form and checked to
-               # guard against CSRF. But only if the user is logged in,
-               # as anonok can allow anonymous edits.
-               if (defined $session->param("name")) {
-                       my $sid=$q->param('sid');
-                       if (! defined $sid || $sid ne $session->id) {
-                               error(gettext("Your login session has expired."));
-                       }
-               }
+               checksessionexpiry($q, $session, $q->param('sid'));
 
                my $exists=-e "$config{srcdir}/$file";
 
@@ -378,8 +405,17 @@ sub cgi_editpage ($$) { #{{{
                        showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
                        exit;
                }
+                       
+               my $message="";
+               if (defined $form->field('comments') &&
+                   length $form->field('comments')) {
+                       $message=$form->field('comments');
+               }
                
                my $content=$form->field('editcontent');
+               check_content(content => $content, page => $page,
+                       cgi => $q, session => $session,
+                       subject => $message);
                run_hooks(editcontent => sub {
                        $content=shift->(
                                content => $content,
@@ -413,12 +449,6 @@ sub cgi_editpage ($$) { #{{{
                
                my $conflict;
                if ($config{rcs}) {
-                       my $message="";
-                       if (defined $form->field('comments') &&
-                           length $form->field('comments')) {
-                               $message=$form->field('comments');
-                       }
-                       
                        if (! $exists) {
                                rcs_add($file);
                        }
@@ -462,6 +492,6 @@ sub cgi_editpage ($$) { #{{{
        }
 
        exit;
-} #}}}
+}
 
 1