* Fix a security hole that allowed a web user to edit images and other
[git.ikiwiki.info.git] / IkiWiki / Plugin / aggregate.pm
index ba33a80aa23d06394ebb2e4d22b636b1412fcb3c..7fceb0df3d54112478f25ab946477bd418416ee5 100644 (file)
@@ -5,38 +5,41 @@ package IkiWiki::Plugin::aggregate;
 use warnings;
 use strict;
 use IkiWiki;
+use HTML::Entities;
+use HTML::Parser;
+use HTML::Tagset;
+use URI;
+use open qw{:utf8 :std};
 
 my %feeds;
 my %guids;
 
 sub import { #{{{
-       IkiWiki::hook(type => "getopt", id => "aggregate", 
-               call => \&getopt);
-       IkiWiki::hook(type => "checkconfig", id => "aggregate",
-               call => \&checkconfig);
-       IkiWiki::hook(type => "filter", id => "aggregate", 
-               call => \&filter);
-       IkiWiki::hook(type => "preprocess", id => "aggregate",
-               call => \&preprocess);
-        IkiWiki::hook(type => "delete", id => "aggregate",
-                call => \&delete);
-       IkiWiki::hook(type => "savestate", id => "aggregate",
-               call => \&savestate);
+       hook(type => "getopt", id => "aggregate", call => \&getopt);
+       hook(type => "checkconfig", id => "aggregate", call => \&checkconfig);
+       hook(type => "filter", id => "aggregate", call => \&filter);
+       hook(type => "preprocess", id => "aggregate", call => \&preprocess);
+        hook(type => "delete", id => "aggregate", call => \&delete);
+       hook(type => "savestate", id => "aggregate", call => \&savestate);
 } # }}}
 
 sub getopt () { #{{{
         eval q{use Getopt::Long};
+       error($@) if $@;
         Getopt::Long::Configure('pass_through');
-        GetOptions("aggregate" => \$IkiWiki::config{aggregate});
+        GetOptions("aggregate" => \$config{aggregate});
 } #}}}
 
 sub checkconfig () { #{{{
+       IkiWiki::lockwiki();
        loadstate();
-       if ($IkiWiki::config{aggregate}) {
+       if ($config{aggregate}) {
                IkiWiki::loadindex();
                aggregate();
+               expire();
                savestate();
        }
+       IkiWiki::unlockwiki();
 } #}}}
 
 sub filter (@) { #{{{
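Review bot: checkconfig now holds the wiki lock across aggregate(), and the release at `IkiWiki::unlockwiki();` is only reached on the normal path. The aggregate() hunk further down fetches remote feeds, so a slow or unresponsive feed would keep the lock held for the whole fetch. If `error()` dies, any failure in between skips the unlock; what lockwiki does on process exit is not visible here. Consider fetching before taking the lock, or at least wrapping the body as `eval { ... }; IkiWiki::unlockwiki(); error($@) if $@;` so the release always runs.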
@@ -55,7 +58,7 @@ sub preprocess (@) { #{{{
 
        foreach my $required (qw{name url}) {
                if (! exists $params{$required}) {
-                       return "[[aggregate plugin missing $required parameter]]";
+                       return "[[".sprintf(gettext("aggregate plugin missing %s parameter"), $required)."]]";
                }
        }
 
@@ -70,19 +73,21 @@ sub preprocess (@) { #{{{
        $feed->{name}=$name;
        $feed->{sourcepage}=$params{page};
        $feed->{url}=$params{url};
-       my $dir=exists $params{dir} ? $params{dir} : "feed/".IkiWiki::titlepage($params{name});
+       my $dir=exists $params{dir} ? $params{dir} : $params{page}."/".IkiWiki::titlepage($params{name});
        $dir=~s/^\/+//;
-       ($dir)=$dir=~/$IkiWiki::config{wiki_file_regexp}/;
+       ($dir)=$dir=~/$config{wiki_file_regexp}/;
        $feed->{dir}=$dir;
        $feed->{feedurl}=defined $params{feedurl} ? $params{feedurl} : "";
        $feed->{updateinterval}=defined $params{updateinterval} ? $params{updateinterval} * 60 : 15 * 60;
        $feed->{expireage}=defined $params{expireage} ? $params{expireage} : 0;
        $feed->{expirecount}=defined $params{expirecount} ? $params{expirecount} : 0;
        delete $feed->{remove};
+       delete $feed->{expired};
        $feed->{lastupdate}=0 unless defined $feed->{lastupdate};
        $feed->{numposts}=0 unless defined $feed->{numposts};
        $feed->{newposts}=0 unless defined $feed->{newposts};
-       $feed->{message}="new feed" unless defined $feed->{message};
+       $feed->{message}=gettext("new feed") unless defined $feed->{message};
+       $feed->{error}=0 unless defined $feed->{error};
        $feed->{tags}=[];
        while (@_) {
                my $key=shift;
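Review bot: The result of `($dir)=$dir=~/$config{wiki_file_regexp}/;` is stored in `$feed->{dir}` without a check, so a `dir` parameter that does not match leaves it undef and later page names are built from an empty directory. `dir` is page-author input and only leading slashes are stripped. Whether the regexp rejects `..` segments is not visible in this diff, and the add_page hunk drops the old `s/\.\.//g` while escaping only the item title. I would refuse the directive when the match fails or a `..` segment is present, e.g. `return "[[".gettext("aggregate plugin: invalid dir")."]]" if ! defined $dir || $dir =~ m{(^|/)\.\.(/|$)};`. preprocess starts and ends outside this hunk.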
@@ -93,8 +98,12 @@ sub preprocess (@) { #{{{
        }
 
        return "<a href=\"".$feed->{url}."\">".$feed->{name}."</a>: ".
-              "<i>".$feed->{message}."</i> (".$feed->{numposts}.
-              " stored posts; ".$feed->{newposts}." new)<br />";
+              ($feed->{error} ? "<em>" : "").$feed->{message}.
+              ($feed->{error} ? "</em>" : "").
+              " (".$feed->{numposts}." ".gettext("posts").
+              ($feed->{newposts} ? "; ".$feed->{newposts}.
+                                   " ".gettext("new") : "").
+              ")";
 } # }}}
 
 sub delete (@) { #{{{
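Review bot: The status line returned here concatenates `$feed->{url}`, `$feed->{name}` and `$feed->{message}` into HTML without entity-encoding. The message can carry text from `XML::Feed->errstr` or `$@` (both set in aggregate()), so part of it is influenced by the remote feed, and url and name come from the page directive. HTML::Entities is imported by this commit, so `encode_entities($feed->{message})`, and the same for the href and the link text, would keep the markup intact regardless of any later sanitising pass (none is visible in this diff).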
@@ -102,17 +111,15 @@ sub delete (@) { #{{{
 
        # Remove feed data for removed pages.
        foreach my $file (@files) {
-               my $page=IkiWiki::pagename($file);
+               my $page=pagename($file);
                remove_feeds($page);
        }
 } #}}}
 
 sub loadstate () { #{{{
-       eval q{use HTML::Entities};
-       die $@ if $@;
-       if (-e "$IkiWiki::config{wikistatedir}/aggregate") {
-               open (IN, "$IkiWiki::config{wikistatedir}/aggregate" ||
-                       die "$IkiWiki::config{wikistatedir}/aggregate: $!");
+       if (-e "$config{wikistatedir}/aggregate") {
+               open (IN, "$config{wikistatedir}/aggregate" ||
+                       die "$config{wikistatedir}/aggregate: $!");
                while (<IN>) {
                        $_=IkiWiki::possibly_foolish_untaint($_);
                        chomp;
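Review bot: In `open (IN, "$config{wikistatedir}/aggregate" || die ...)` the `||` binds to the filename string, which is always true, so the `die` can never run and a failed open goes unnoticed; the read loop then yields nothing and the plugin carries on with empty state. The same construct is carried into savestate's `open (OUT, ">$config{wikistatedir}/aggregate" || ...)` in the next hunk, where a failed open means the state is not written and nothing reports it. Moving the check outside the argument list and using the three-argument form fixes both: `open (IN, "<", "$config{wikistatedir}/aggregate") || die "$config{wikistatedir}/aggregate: $!";`. loadstate continues past the end of this hunk.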
@@ -145,9 +152,9 @@ sub loadstate () { #{{{
 
 sub savestate () { #{{{
        eval q{use HTML::Entities};
-       die $@ if $@;
-       open (OUT, ">$IkiWiki::config{wikistatedir}/aggregate" ||
-               die "$IkiWiki::config{wikistatedir}/aggregate: $!");
+       error($@) if $@;
+       open (OUT, ">$config{wikistatedir}/aggregate" ||
+               die "$config{wikistatedir}/aggregate: $!");
        foreach my $data (values %feeds, values %guids) {
                if ($data->{remove}) {
                        if ($data->{name}) {
@@ -162,6 +169,11 @@ sub savestate () { #{{{
                        }
                        next;
                }
+               elsif ($data->{expired} && exists $data->{page}) {
+                       unlink pagefile($data->{page});
+                       delete $data->{page};
+                       delete $data->{md5};
+               }
 
                my @line;
                foreach my $field (keys %$data) {
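Review bot: `unlink pagefile($data->{page});` ignores its return value, and the next two lines drop `page` and `md5` from the record either way. If the unlink fails, the aggregated file stays in srcdir but is no longer tracked, so nothing will try to expire it again. I would clear the fields only when the file is really gone, e.g. `if (unlink(pagefile($data->{page})) || ! -e pagefile($data->{page})) { delete $data->{page}; delete $data->{md5}; }`, and log the failure otherwise. A comment noting that savestate now deletes files would also help, since the name does not suggest it.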
@@ -181,38 +193,69 @@ sub savestate () { #{{{
        close OUT;
 } #}}}
 
+sub expire () { #{{{
+       foreach my $feed (values %feeds) {
+               next unless $feed->{expireage} || $feed->{expirecount};
+               my $count=0;
+               foreach my $item (sort { $IkiWiki::pagectime{$b->{page}} <=> $IkiWiki::pagectime{$a->{page}} }
+                                 grep { exists $_->{page} && $_->{feed} eq $feed->{name} && $IkiWiki::pagectime{$_->{page}} }
+                                 values %guids) {
+                       if ($feed->{expireage}) {
+                               my $days_old = (time - $IkiWiki::pagectime{$item->{page}}) / 60 / 60 / 24;
+                               if ($days_old > $feed->{expireage}) {
+                                       debug(sprintf(gettext("expiring %s (%s days old)"),
+                                               $item->{page}, $days_old));
+                                       $item->{expired}=1;
+                               }
+                       }
+                       elsif ($feed->{expirecount} &&
+                              $count >= $feed->{expirecount}) {
+                               debug(sprintf(gettext("expiring %s"), $item->{page}));
+                               $item->{expired}=1;
+                       }
+                       else {
+                               $count++;
+                       }
+               }
+       }
+} #}}}
+
 sub aggregate () { #{{{
        eval q{use XML::Feed};
-       die $@ if $@;
+       error($@) if $@;
        eval q{use HTML::Entities};
-       die $@ if $@;
+       error($@) if $@;
 
        foreach my $feed (values %feeds) {
-               next unless time - $feed->{lastupdate} >= $feed->{updateinterval};
+               next unless $config{rebuild} || 
+                       time - $feed->{lastupdate} >= $feed->{updateinterval};
                $feed->{lastupdate}=time;
                $feed->{newposts}=0;
                $IkiWiki::forcerebuild{$feed->{sourcepage}}=1;
 
-               IkiWiki::debug("checking feed ".$feed->{name}." ...");
+               debug(sprintf(gettext("checking feed %s ..."), $feed->{name}));
 
                if (! length $feed->{feedurl}) {
                        my @urls=XML::Feed->find_feeds($feed->{url});
                        if (! @urls) {
-                               $feed->{message}="could not find feed at ".$feed->{feedurl};
-                               IkiWiki::debug($feed->{message});
+                               $feed->{message}=sprintf(gettext("could not find feed at %s"), $feed->{feedurl});
+                               $feed->{error}=1;
+                               debug($feed->{message});
                                next;
                        }
                        $feed->{feedurl}=pop @urls;
                }
                my $f=eval{XML::Feed->parse(URI->new($feed->{feedurl}))};
                if ($@) {
-                       $feed->{message}="feed crashed XML::Feed! $@";
-                       IkiWiki::debug($feed->{message});
+                       $feed->{message}=gettext("feed crashed XML::Feed!")." ($@)";
+                       $feed->{error}=1;
+                       debug($feed->{message});
                        next;
                }
                if (! $f) {
                        $feed->{message}=XML::Feed->errstr;
-                       IkiWiki::debug($feed->{message});
+                       $feed->{error}=1;
+                       debug($feed->{message});
                        next;
                }
 
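Review bot: `XML::Feed->find_feeds($feed->{url})` and `XML::Feed->parse(URI->new($feed->{feedurl}))` are called on values taken from the page directive with no check on the URL scheme. If the fetch layer underneath honours schemes other than http and https, anyone who can edit a page can make the aggregator read from them, so I would skip such feeds up front: `my $scheme=URI->new($feed->{feedurl})->scheme; if (! defined $scheme || $scheme !~ /^https?$/i) { $feed->{error}=1; next; }` (and the same for `url`). Two smaller points in the same hunk: in expire() the `elsif` on `expirecount` is never reached when `expireage` is set, so a feed that sets both is only expired by age; and the "could not find feed at %s" message formats `$feed->{feedurl}`, which is empty on that branch, where `$feed->{url}` looks intended. aggregate() continues past the end of this hunk.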
@@ -227,10 +270,10 @@ sub aggregate () { #{{{
                        );
                }
 
-               $feed->{message}="processed ok";
+               $feed->{message}=sprintf(gettext("processed ok at %s"),
+                       displaytime($feed->{lastupdate}));
+               $feed->{error}=0;
        }
-
-       # TODO: expiry
 } #}}}
 
 sub add_page (@) { #{{{
@@ -242,6 +285,7 @@ sub add_page (@) { #{{{
        if (exists $guids{$params{guid}}) {
                # updating an existing post
                $guid=$guids{$params{guid}};
+               return if $guid->{expired};
        }
        else {
                # new post
@@ -252,20 +296,36 @@ sub add_page (@) { #{{{
                $feed->{newposts}++;
 
                # assign it an unused page
-               my $page=$feed->{dir}."/".IkiWiki::titlepage($params{title});
-               $page=lc($page);
-               ($page)=$page=~/$IkiWiki::config{wiki_file_regexp}/;
+               my $page=IkiWiki::titlepage($params{title});
+               # escape slashes and periods in title so it doesn't specify
+               # directory name or trigger ".." disallowing code.
+               $page=~s!([/.])!"__".ord($1)."__"!eg;
+               $page=$feed->{dir}."/".$page;
+               ($page)=$page=~/$config{wiki_file_regexp}/;
                if (! defined $page || ! length $page) {
                        $page=$feed->{dir}."/item";
                }
-               $page=~s/\.\.//g; # avoid ".." directory tricks
                my $c="";
-               while (exists $IkiWiki::pagesources{$page.$c} ||
+               while (exists $IkiWiki::pagecase{lc $page.$c} ||
                       -e pagefile($page.$c)) {
                        $c++
                }
+
+               # Make sure that the file name isn't too long. 
+               # NB: This doesn't check for path length limits.
+               eval q{use POSIX};
+               my $max=POSIX::pathconf($config{srcdir}, &POSIX::_PC_NAME_MAX);
+               if (defined $max && length(htmlpage($page)) >= $max) {
+                       $c="";
+                       $page=$feed->{dir}."/item";
+                       while (exists $IkiWiki::pagecase{lc $page.$c} ||
+                              -e pagefile($page.$c)) {
+                               $c++
+                       }
+               }
+
                $guid->{page}=$page;
-               IkiWiki::debug("creating new page $page");
+               debug(sprintf(gettext("creating new page %s"), $page));
        }
        $guid->{feed}=$feed->{name};
        
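Review bot: The collision suffix `$c` is computed by both `while` loops but never applied: the assignment is `$guid->{page}=$page;`, so an item whose page name already exists in `%IkiWiki::pagecase` or on disk is given that existing name, and the later `writefile(htmlpage($guid->{page}), ...)` would write over it. `$guid->{page}=$page.$c;` looks intended, and the length check would then want `htmlpage($page.$c)`. Separately, `eval q{use POSIX};` is the only eval added or touched in this diff without a following `error($@) if $@;`. add_page starts before this hunk and continues after it.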
@@ -273,24 +333,25 @@ sub add_page (@) { #{{{
        # to avoid unneccessary rebuilding. The mtime from rss cannot be
        # trusted; let's use a digest.
        eval q{use Digest::MD5 'md5_hex'};
+       error($@) if $@;
        require Encode;
        my $digest=md5_hex(Encode::encode_utf8($params{content}));
-       return unless ! exists $guid->{md5} || $guid->{md5} ne $digest;
+       return unless ! exists $guid->{md5} || $guid->{md5} ne $digest || $config{rebuild};
        $guid->{md5}=$digest;
 
        # Create the page.
-       my $template=IkiWiki::template("aggregatepost.tmpl", blind_cache => 1);
-       my $content=$params{content};
-       $params{content}=~s/(?<!\\)\[\[/\\\[\[/g; # escape accidental wikilinks
-                                                 # and preprocessor stuff
-       $template->param(content => $params{content});
-       $template->param(url => $feed->{url});
+       my $template=template("aggregatepost.tmpl", blind_cache => 1);
+       $template->param(title => $params{title})
+               if defined $params{title} && length($params{title});
+       $template->param(content => htmlescape(htmlabs($params{content}, $feed->{feedurl})));
        $template->param(name => $feed->{name});
-       $template->param(link => $params{link}) if defined $params{link};
+       $template->param(url => $feed->{url});
+       $template->param(permalink => urlabs($params{link}, $feed->{feedurl}))
+               if defined $params{link};
        if (ref $feed->{tags}) {
                $template->param(tags => [map { tag => $_ }, @{$feed->{tags}}]);
        }
-       IkiWiki::writefile($guid->{page}.".html", $IkiWiki::config{srcdir},
+       writefile(htmlpage($guid->{page}), $config{srcdir},
                $template->output);
 
        # Set the mtime, this lets the build process get the right creation
@@ -298,6 +359,58 @@ sub add_page (@) { #{{{
        utime $mtime, $mtime, pagefile($guid->{page}) if defined $mtime;
 } #}}}
 
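Review bot: `title` and `permalink` come from the remote feed and are handed to the template as-is; `urlabs()` resolves relative links but keeps whatever scheme an absolute link carries. The template and any downstream sanitiser are not visible here, so it is not clear from this diff that a non-http(s) permalink or markup in the title is neutralised before it reaches a browser. I would check the scheme before setting the parameter, e.g. `my $link=URI->new_abs($params{link}, $feed->{feedurl}); $template->param(permalink => $link->as_string) if $link->scheme && $link->scheme =~ /^https?$/i;`, and entity-encode the title unless the template already does. add_page begins outside this hunk.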
+sub htmlescape ($) { #{{{
+       # escape accidental wikilinks and preprocessor stuff
+       my $html=shift;
+       $html=~s/(?<!\\)\[\[/\\\[\[/g;
+       return $html;
+} #}}}
+
+sub urlabs ($$) { #{{{
+       my $url=shift;
+       my $urlbase=shift;
+
+       URI->new_abs($url, $urlbase)->as_string;
+} #}}}
+
+sub htmlabs ($$) { #{{{
+       # Convert links in html from relative to absolute.
+       # Note that this is a heuristic, which is not specified by the rss
+       # spec and may not be right for all feeds. Also, see Debian
+       # bug #381359.
+       my $html=shift;
+       my $urlbase=shift;
+
+       my $ret="";
+       my $p = HTML::Parser->new(api_version => 3);
+       $p->handler(default => sub { $ret.=join("", @_) }, "text");
+       $p->handler(start => sub {
+               my ($tagname, $pos, $text) = @_;
+               if (ref $HTML::Tagset::linkElements{$tagname}) {
+                       while (4 <= @$pos) {
+                               # use attribute sets from right to left
+                               # to avoid invalidating the offsets
+                               # when replacing the values
+                               my($k_offset, $k_len, $v_offset, $v_len) =
+                                       splice(@$pos, -4);
+                               my $attrname = lc(substr($text, $k_offset, $k_len));
+                               next unless grep { $_ eq $attrname } @{$HTML::Tagset::linkElements{$tagname}};
+                               next unless $v_offset; # 0 v_offset means no value
+                               my $v = substr($text, $v_offset, $v_len);
+                               $v =~ s/^([\'\"])(.*)\1$/$2/;
+                               my $new_v=urlabs($v, $urlbase);
+                               $new_v =~ s/\"/&quot;/g; # since we quote with ""
+                               substr($text, $v_offset, $v_len) = qq("$new_v");
+                       }
+               }
+               $ret.=$text;
+       }, "tagname, tokenpos, text");
+       $p->parse($html);
+       $p->eof;
+
+       return $ret;
+} #}}}
+
 sub remove_feeds () { #{{{
        my $page=shift;
 
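Review bot: `htmlescape` does not HTML-escape anything; it only backslash-escapes `[[` so that feed content cannot introduce wikilinks or preprocessor directives, and a later caller could easily take the name at face value. A name such as `wikiescape`, or at least a header comment like `# Escapes "[[" only; performs no HTML entity encoding or sanitisation.`, would make that explicit. The same caveat applies to `htmlabs`, which rewrites link attributes and passes every other tag and attribute through unchanged. The `($$)` prototypes on `urlabs` and `htmlabs` also have no effect on the calls in add_page, which is compiled before these definitions.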
@@ -313,7 +426,7 @@ sub remove_feeds () { #{{{
 sub pagefile ($) { #{{{
        my $page=shift;
 
-       return "$IkiWiki::config{srcdir}/$page.html";
+       return "$config{srcdir}/".htmlpage($page);
 } #}}}
 
 1