Reference CVE-2016-4561 in 3.20141016.3 changelog
index b1d8578ae04b3512866e21b42a53cb31b1a9ca08..c5177833f2430d28860e26bdeca1356c6b7a03eb 100644 (file)
@@ -35,6 +35,7 @@ sub import {
        # Load goto to fix up user page links for logged-in commenters
        IkiWiki::loadplugin("goto");
        IkiWiki::loadplugin("inline");
        # Load goto to fix up user page links for logged-in commenters
        IkiWiki::loadplugin("goto");
        IkiWiki::loadplugin("inline");
+       IkiWiki::loadplugin("transient");
 }
 
 sub getsetup () {
 }
 
 sub getsetup () {
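Review bot: The new `IkiWiki::loadplugin("transient")` line is the only one in this block without a comment saying why the dependency exists; the comment above it explains only the goto load. Since the rest of this commit writes pending (unmoderated) comments under `$IkiWiki::Plugin::transient::transientdir`, document that here so nobody removes the load later: `# Load transient so unmoderated comments are stored outside srcdir`. The body of import begins before this hunk.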
@@ -437,6 +438,16 @@ sub editcomment ($$) {
                        $page));
        }
 
                        $page));
        }
 
+       # There's no UI to get here, but someone might construct the URL,
+       # leading to a comment that exists in the repository but isn't
+       # shown
+       if (!pagespec_match($page, $config{comments_pagespec},
+               location => $page)) {
+               error(sprintf(gettext(
+                       "comments on page '%s' are not allowed"),
+                       $page));
+       }
+
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
@@ -457,12 +468,15 @@ sub editcomment ($$) {
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
+
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
-       elsif (defined $session->remote_addr()) {
+
+       if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+               defined $session->remote_addr()) {
                $content .= " ip=\"".$session->remote_addr()."\"\n";
        }
 
                $content .= " ip=\"".$session->remote_addr()."\"\n";
        }
 
@@ -555,8 +569,8 @@ sub editcomment ($$) {
                $postcomment=0;
 
                if (! $ok) {
                $postcomment=0;
 
                if (! $ok) {
-                       $location=unique_comment_location($page, $content, $config{srcdir}, "._comment_pending");
-                       writefile("$location._comment_pending", $config{srcdir}, $content);
+                       $location=unique_comment_location($page, $content, $IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+                       writefile("$location._comment_pending", $IkiWiki::Plugin::transient::transientdir, $content);
 
                        # Refresh so anything that deals with pending
                        # comments can be updated.
 
                        # Refresh so anything that deals with pending
                        # comments can be updated.
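Review bot: The two new lines pass `$IkiWiki::Plugin::transient::transientdir` straight to `unique_comment_location` and `writefile` with no check that the other plugin's package variable is defined. If it were ever unset (plugin not loaded in this process, or set later than expected), the pending comment would be written relative to an empty directory prefix rather than failing loudly, which is the wrong failure mode for a file that holds unmoderated user content. A guard such as `my $pendingdir=$IkiWiki::Plugin::transient::transientdir; error(gettext("transient plugin is not loaded")) unless defined $pendingdir;` before the two calls makes the dependency explicit. editcomment continues outside this hunk.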
@@ -681,12 +695,17 @@ sub commentmoderation ($$) {
                                }
 
                                my $page=IkiWiki::dirname($f);
                                }
 
                                my $page=IkiWiki::dirname($f);
-                               my $file="$config{srcdir}/$f";
-                               my $filedir=$config{srcdir};
+                               my $filedir=$IkiWiki::Plugin::transient::transientdir;
+                               my $file="$filedir/$f";
                                if (! -e $file) {
                                        # old location
                                if (! -e $file) {
                                        # old location
-                                       $file="$config{wikistatedir}/comments_pending/".$f;
-                                       $filedir="$config{wikistatedir}/comments_pending";
+                                       $file="$config{srcdir}/$f";
+                                       $filedir=$config{srcdir};
+                                       if (! -e $file) {
+                                               # older location
+                                               $file="$config{wikistatedir}/comments_pending/".$f;
+                                               $filedir="$config{wikistatedir}/comments_pending";
+                                       }
                                }
 
                                if ($action eq 'Accept') {
                                }
 
                                if ($action eq 'Accept') {
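Review bot: The new fallback chain builds `$file="$filedir/$f"` (and the srcdir and wikistatedir variants below it) from `$f`, which comes from earlier in the loop outside this hunk, and probes three base directories with `-e` before acting on the result; whether `$f` has already been validated against `..` components or a leading `/` is not visible here and should be confirmed, since a traversing value would now be tried against three roots instead of one. If that check is not already upstream, reject such names before the lookup, e.g. `next if $f =~ m{^/} || $f =~ m{(^|/)\.\.(/|$)};`. It would also help to say in a comment that the srcdir and wikistatedir branches exist only to drain pending comments created by older versions, so the extra roots can be retired later. commentmoderation continues outside this hunk.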
@@ -800,6 +819,8 @@ sub comments_pending () {
                chdir($origdir) || die "chdir $origdir: $!";
        };
        
                chdir($origdir) || die "chdir $origdir: $!";
        };
        
+       $find_comments->($IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+       # old location
        $find_comments->($config{srcdir}, "._comment_pending");
        # old location
        $find_comments->("$config{wikistatedir}/comments_pending/",
        $find_comments->($config{srcdir}, "._comment_pending");
        # old location
        $find_comments->("$config{wikistatedir}/comments_pending/",