passwordauth: avoid userinfo forgery via repeated email parameter
[git.ikiwiki.info.git] / IkiWiki / Plugin / recentchanges.pm
index 04a878b20f0b494ea03a81dc5ed92da536c8ebec..8ce9474be631dbd8ae428304e25d1d1d2adac3df 100644 (file)
@@ -3,41 +3,51 @@ package IkiWiki::Plugin::recentchanges;
 
 use warnings;
 use strict;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
+use Encode;
+use HTML::Entities;
 
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "recentchanges", call => \&getsetup);
        hook(type => "checkconfig", id => "recentchanges", call => \&checkconfig);
        hook(type => "refresh", id => "recentchanges", call => \&refresh);
        hook(type => "pagetemplate", id => "recentchanges", call => \&pagetemplate);
        hook(type => "htmlize", id => "_change", call => \&htmlize);
        hook(type => "getsetup", id => "recentchanges", call => \&getsetup);
        hook(type => "checkconfig", id => "recentchanges", call => \&checkconfig);
        hook(type => "refresh", id => "recentchanges", call => \&refresh);
        hook(type => "pagetemplate", id => "recentchanges", call => \&pagetemplate);
        hook(type => "htmlize", id => "_change", call => \&htmlize);
-       hook(type => "cgi", id => "recentchanges", call => \&cgi);
-} #}}}
+       hook(type => "sessioncgi", id => "recentchanges", call => \&sessioncgi);
+       # Load goto to fix up links from recentchanges
+       IkiWiki::loadplugin("goto");
+       # ... and transient as somewhere to put our internal pages
+       IkiWiki::loadplugin("transient");
+}
 
 
-sub getsetup () { #{{{
+sub getsetup () {
        return
        return
+               plugin => {
+                       safe => 1,
+                       rebuild => 1,
+               },
                recentchangespage => {
                        type => "string",
                recentchangespage => {
                        type => "string",
-                       default => "recentchanges",
+                       example => "recentchanges",
                        description => "name of the recentchanges page",
                        safe => 1,
                        rebuild => 1,
                },
                recentchangesnum => {
                        description => "name of the recentchanges page",
                        safe => 1,
                        rebuild => 1,
                },
                recentchangesnum => {
-                       type => "int",
-                       default => 100,
+                       type => "integer",
+                       example => 100,
                        description => "number of changes to track",
                        safe => 1,
                        rebuild => 0,
                },
                        description => "number of changes to track",
                        safe => 1,
                        rebuild => 0,
                },
-} #}}}
+}
 
 
-sub checkconfig () { #{{{
+sub checkconfig () {
        $config{recentchangespage}='recentchanges' unless defined $config{recentchangespage};
        $config{recentchangesnum}=100 unless defined $config{recentchangesnum};
        $config{recentchangespage}='recentchanges' unless defined $config{recentchangespage};
        $config{recentchangesnum}=100 unless defined $config{recentchangesnum};
-} #}}}
+}
 
 
-sub refresh ($) { #{{{
+sub refresh ($) {
        my %seen;
 
        # add new changes
        my %seen;
 
        # add new changes
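Review bot: `use Encode;` is added to the preamble, but nothing on the new side of this diff calls into it — the only escaping helper used is `encode_entities` from HTML::Entities. The body of `refresh` between this hunk and the next is not shown, so it may be consumed there; if it is not, the import should be dropped rather than left as an unused dependency. `refresh` starts at the end of this hunk and continues into the next one.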
@@ -48,68 +58,105 @@ sub refresh ($) { #{{{
        # delete old and excess changes
        foreach my $page (keys %pagesources) {
                if ($pagesources{$page} =~ /\._change$/ && ! $seen{$page}) {
        # delete old and excess changes
        foreach my $page (keys %pagesources) {
                if ($pagesources{$page} =~ /\._change$/ && ! $seen{$page}) {
-                       unlink($config{srcdir}.'/'.$pagesources{$page});
+                       unlink($IkiWiki::Plugin::transient::transientdir.'/'.$pagesources{$page}) || unlink($config{srcdir}.'/'.$pagesources{$page});
                }
        }
                }
        }
-} #}}}
+}
+
+sub sessioncgi ($$) {
+       my ($q, $session) = @_;
+       my $do = $q->param('do');
+       my $rev = $q->param('rev');
+
+       return unless $do eq 'revert' && $rev;
+
+       my @changes=$IkiWiki::hooks{rcs}{rcs_preprevert}{call}->($rev);
+       IkiWiki::check_canchange(
+               cgi => $q,
+               session => $session,
+               changes => \@changes,
+       );
+
+       eval q{use CGI::FormBuilder};
+       error($@) if $@;
+       my $form = CGI::FormBuilder->new(
+               name => "revert",
+               header => 0,
+               charset => "utf-8",
+               method => 'POST',
+               javascript => 0,
+               params => $q,
+               action => IkiWiki::cgiurl(),
+               stylesheet => 1,
+               template => { template('revert.tmpl') },
+               fields => [qw{revertmessage do sid rev}],
+       );
+       my $buttons=["Revert", "Cancel"];
+
+       $form->field(name => "revertmessage", type => "text", size => 80);
+       $form->field(name => "sid", type => "hidden", value => $session->id,
+               force => 1);
+       $form->field(name => "do", type => "hidden", value => "revert",
+               force => 1);
+
+       IkiWiki::decode_form_utf8($form);
+
+       if ($form->submitted eq 'Revert' && $form->validate) {
+               IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+               my $message=sprintf(gettext("This reverts commit %s"), $rev);
+               if (defined $form->field('revertmessage') &&
+                   length $form->field('revertmessage')) {
+                       $message=$form->field('revertmessage')."\n\n".$message;
+               }
+               my $r = $IkiWiki::hooks{rcs}{rcs_revert}{call}->($rev);
+               error $r if defined $r;
+               IkiWiki::disable_commit_hook();
+               IkiWiki::rcs_commit_staged(
+                       message => $message,
+                       session => $session,
+               );
+               IkiWiki::enable_commit_hook();
+       
+               require IkiWiki::Render;
+               IkiWiki::refresh();
+               IkiWiki::saveindex();
+       }
+       elsif ($form->submitted ne 'Cancel') {
+               $form->title(sprintf(gettext("confirm reversion of %s"), $rev));
+               $form->tmpl_param(diff => encode_entities(scalar IkiWiki::rcs_diff($rev, 200)));
+               $form->field(name => "rev", type => "hidden", value => $rev, force => 1);
+               IkiWiki::showform($form, $buttons, $session, $q);
+               exit 0;
+       }
+
+       IkiWiki::redirect($q, urlto($config{recentchangespage}));
+       exit 0;
+}
 
 
-# Enable the recentchanges link on wiki pages.
-sub pagetemplate (@) { #{{{
+# Enable the recentchanges link.
+sub pagetemplate (@) {
        my %params=@_;
        my $template=$params{template};
        my $page=$params{page};
 
        if (defined $config{recentchangespage} && $config{rcs} &&
        my %params=@_;
        my $template=$params{template};
        my $page=$params{page};
 
        if (defined $config{recentchangespage} && $config{rcs} &&
-           $page ne $config{recentchangespage} &&
-           $template->query(name => "recentchangesurl")) {
+           $template->query(name => "recentchangesurl") &&
+           $page ne $config{recentchangespage}) {
                $template->param(recentchangesurl => urlto($config{recentchangespage}, $page));
                $template->param(have_actions => 1);
        }
                $template->param(recentchangesurl => urlto($config{recentchangespage}, $page));
                $template->param(have_actions => 1);
        }
-} #}}}
+}
 
 # Pages with extension _change have plain html markup, pass through.
 
 # Pages with extension _change have plain html markup, pass through.
-sub htmlize (@) { #{{{
+sub htmlize (@) {
        my %params=@_;
        return $params{content};
        my %params=@_;
        return $params{content};
-} #}}}
-
-sub cgi ($) { #{{{
-       my $cgi=shift;
-       if (defined $cgi->param('do') && $cgi->param('do') eq "recentchanges_link") {
-               # This is a link from a change page to some
-               # other page. Since the change pages are only generated
-               # once, statically, links on them won't be updated if the
-               # page they link to is deleted, or newly created, or
-               # changes for whatever reason. So this CGI handles that
-               # dynamic linking stuff.
-               my $page=$cgi->param("page");
-               if (!defined $page) {
-                       error("missing page parameter");
-               }
-
-               IkiWiki::loadindex();
-
-               my $link=bestlink("", $page);
-               if (! length $link) {
-                       print "Content-type: text/html\n\n";
-                       print IkiWiki::misctemplate(gettext(gettext("missing page")),
-                               "<p>".
-                               sprintf(gettext("The page %s does not exist."),
-                                       htmllink("", "", $page)).
-                               "</p>");
-               }
-               else {
-                       IkiWiki::redirect($cgi, $config{url}.IkiWiki::beautify_urlpath("/".htmlpage($link)));
-               }
-
-               exit;
-       }
 }
 
 }
 
-sub store ($$$) { #{{{
+sub store ($$$) {
        my $change=shift;
 
        my $change=shift;
 
-       my $page="$config{recentchangespage}/change_".IkiWiki::titlepage($change->{rev});
+       my $page="$config{recentchangespage}/change_".titlepage($change->{rev});
 
        # Optimisation to avoid re-writing pages. Assumes commits never
        # change (or that any changes are not important).
 
        # Optimisation to avoid re-writing pages. Assumes commits never
        # change (or that any changes are not important).
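Review bot: The guard `return unless $do eq 'revert' && $rev;` in `sessioncgi` compares an undefined value whenever the request has no `do` parameter, which is the common case for a sessioncgi hook and produces an "uninitialized value" warning on every such request; the removed `cgi` sub had `defined $cgi->param('do') &&` for exactly this reason. Tighten it to `return unless defined $do && $do eq 'revert' && defined $rev && length $rev;`. Separately, `$rev` is taken straight from the query string and handed to `rcs_preprevert` before `check_canchange` runs, and later interpolated into `$form->title(...)`; whether CGI::FormBuilder escapes the title is not visible here, so validating `$rev` against the backend's revision-identifier syntax with an anchored regex at the top of the sub (and reassigning from the capture) would bound both the RCS call and the reflected value. The `encode_entities` around `rcs_diff` on the confirmation page is the right pattern and the title would benefit from the same treatment.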
@@ -123,42 +170,51 @@ sub store ($$$) { #{{{
                        if (length $config{cgiurl}) {
                                $_->{link} = "<a href=\"".
                                        IkiWiki::cgiurl(
                        if (length $config{cgiurl}) {
                                $_->{link} = "<a href=\"".
                                        IkiWiki::cgiurl(
-                                               do => "recentchanges_link",
+                                               do => "goto",
                                                page => $_->{page}
                                        ).
                                                page => $_->{page}
                                        ).
-                                       "\">".
-                                       IkiWiki::pagetitle($_->{page}).
+                                       "\" rel=\"nofollow\">".
+                                       pagetitle($_->{page}).
                                        "</a>"
                        }
                        else {
                                        "</a>"
                        }
                        else {
-                               $_->{link} = IkiWiki::pagetitle($_->{page});
+                               $_->{link} = pagetitle($_->{page});
                        }
                        }
-                       $_->{baseurl}="$config{url}/" if length $config{url};
 
                        $_;
                } @{$change->{pages}}
        ];
        push @{$change->{pages}}, { link => '...' } if $is_excess;
 
                        $_;
                } @{$change->{pages}}
        ];
        push @{$change->{pages}}, { link => '...' } if $is_excess;
+       
+       if (length $config{cgiurl} &&
+           exists $IkiWiki::hooks{rcs}{rcs_preprevert} &&
+           exists $IkiWiki::hooks{rcs}{rcs_revert}) {
+               $change->{reverturl} = IkiWiki::cgiurl(
+                       do => "revert",
+                       rev => $change->{rev}
+               );
+       }
 
 
-       # See if the committer is an openid.
        $change->{author}=$change->{user};
        my $oiduser=eval { IkiWiki::openiduser($change->{user}) };
        if (defined $oiduser) {
                $change->{authorurl}=$change->{user};
        $change->{author}=$change->{user};
        my $oiduser=eval { IkiWiki::openiduser($change->{user}) };
        if (defined $oiduser) {
                $change->{authorurl}=$change->{user};
-               $change->{user}=$oiduser;
+               $change->{user}=defined $change->{nickname} ? $change->{nickname} : $oiduser;
        }
        elsif (length $config{cgiurl}) {
                $change->{authorurl} = IkiWiki::cgiurl(
        }
        elsif (length $config{cgiurl}) {
                $change->{authorurl} = IkiWiki::cgiurl(
-                       do => "recentchanges_link",
-                       page => (length $config{userdir} ? "$config{userdir}/" : "").$change->{author},
+                       do => "goto",
+                       page => IkiWiki::userpage($change->{author}),
                );
        }
 
                );
        }
 
-       # escape wikilinks and preprocessor stuff in commit messages
        if (ref $change->{message}) {
                foreach my $field (@{$change->{message}}) {
                        if (exists $field->{line}) {
        if (ref $change->{message}) {
                foreach my $field (@{$change->{message}}) {
                        if (exists $field->{line}) {
-                               $field->{line} =~ s/(?<!\\)\[\[/\\\[\[/g;
+                               # escape html
+                               $field->{line} = encode_entities($field->{line});
+                               # escape links and preprocessor stuff
+                               $field->{line} = encode_entities($field->{line}, '\[\]');
                        }
                }
        }
                        }
                }
        }
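Review bot: The two comments that explained the author-resolution and message-escaping blocks (`# See if the committer is an openid.` and `# escape wikilinks and preprocessor stuff in commit messages`) are removed without replacement, and the new nickname branch makes the first block less obvious than before. Restore a comment above `$change->{author}=$change->{user};` such as `# Resolve the committer: an OpenID (displayed as the recorded nickname when one exists) or a wiki user page reached via the goto CGI.`. Note also that `$change->{nickname}` is used as display text without escaping in this hunk, so its safety rests on the template escaping it — worth confirming or stating in the comment. `store` begins in the previous hunk and ends in the next.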
@@ -170,16 +226,20 @@ sub store ($$$) { #{{{
                commitdate => displaytime($change->{when}, "%X %x"),
                wikiname => $config{wikiname},
        );
                commitdate => displaytime($change->{when}, "%X %x"),
                wikiname => $config{wikiname},
        );
+       
+       $template->param(permalink => urlto($config{recentchangespage})."#change-".titlepage($change->{rev}))
+               if exists $config{url};
+       
        IkiWiki::run_hooks(pagetemplate => sub {
                shift->(page => $page, destpage => $page,
                        template => $template, rev => $change->{rev});
        });
 
        my $file=$page."._change";
        IkiWiki::run_hooks(pagetemplate => sub {
                shift->(page => $page, destpage => $page,
                        template => $template, rev => $change->{rev});
        });
 
        my $file=$page."._change";
-       writefile($file, $config{srcdir}, $template->output);
-       utime $change->{when}, $change->{when}, "$config{srcdir}/$file";
+       writefile($file, $IkiWiki::Plugin::transient::transientdir, $template->output);
+       utime $change->{when}, $change->{when}, $IkiWiki::Plugin::transient::transientdir.'/'.$file;
 
        return $page;
 
        return $page;
-} #}}}
+}
 
 1
 
 1
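Review bot: The new permalink line is conditioned on `exists $config{url}`, while every other URL-dependent branch in this file (including the `$_->{baseurl}` line removed in the previous hunk and the `reverturl` block added there) tests `length $config{url}` or `length $config{cgiurl}`; `exists` is true for a key that is present but empty or undefined, so the permalink would be emitted with no base URL in that case. Change it to `if length $config{url};` for consistency with the rest of `store`. `store` starts in an earlier hunk.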