Add automated test for using the CGI with git, including CVE-2016-10026
[git.ikiwiki.info.git] / IkiWiki / Plugin / osm.pm
index 661f72bab0ef1a5cc6773b92ae0a37feca4bb4c8..c9c5646c475801c125ac984a60a59a8a9b1f1cf3 100644 (file)
@@ -64,33 +64,22 @@ sub getsetup () {
 
 sub preprocess {
        my %params=@_;
 
 sub preprocess {
        my %params=@_;
-       my $page = $params{'page'};
-       my $dest = $params{'destpage'};
-       my $loc = $params{'loc'}; # sanitized below
-       my $lat = $params{'lat'}; # sanitized below
-       my $lon = $params{'lon'}; # sanitized below
-       my $href = $params{'href'};
+       my $page = $params{page};
+       my $dest = $params{destpage};
+       my $loc = $params{loc}; # sanitized below
+       my $lat = $params{lat}; # sanitized below
+       my $lon = $params{lon}; # sanitized below
+       my $href = $params{href};
 
 
-       my $fullscreen = defined($params{'fullscreen'}); # sanitized here
        my ($width, $height, $float);
        my ($width, $height, $float);
-       if ($fullscreen) {
-               $height = '100%';
-               $width = '100%';
-               $float = 0;
-       }
-       else {
-               $height = scrub($params{'height'} || "300px", $page, $dest); # sanitized here
-               $width = scrub($params{'width'} || "500px", $page, $dest); # sanitized here
-               $float = (defined($params{'right'}) && 'right') || (defined($params{'left'}) && 'left'); # sanitized here
-       }
+       $height = scrub($params{'height'} || "300px", $page, $dest); # sanitized here
+       $width = scrub($params{'width'} || "500px", $page, $dest); # sanitized here
+       $float = (defined($params{'right'}) && 'right') || (defined($params{'left'}) && 'left'); # sanitized here
+       
        my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
        my $map;
        my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
        my $map;
-       if ($fullscreen) {
-               $map = $params{'map'} || $page;
-       }
-       else {
-               $map = $params{'map'} || 'map';
-       }
+       $map = $params{'map'} || 'map';
+       
        $map = scrub($map, $page, $dest); # sanitized here
        my $name = scrub($params{'name'} || $map, $page, $dest);
 
        $map = scrub($map, $page, $dest); # sanitized here
        my $name = scrub($params{'name'} || $map, $page, $dest);
 
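Review bot: The new side of `preprocess` ends up with mixed hash-key quoting: `$params{page}` through `$params{href}` are now unquoted, while the `height`, `width`, `right`, `left`, `zoom` and `map` lookups a few lines further down keep their quotes. The two added blank lines after the `$float` and `$map` assignments also carry trailing whitespace. With the fullscreen branches gone, the split declaration and assignment can collapse, e.g. `my $map = scrub($params{map} || 'map', $page, $dest);` in place of `my $map;` followed by two assignments. The body of `preprocess` continues outside this hunk.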
@@ -101,12 +90,20 @@ sub preprocess {
        if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
                error("Bad zoom");
        }
        if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
                error("Bad zoom");
        }
+
+       if (! defined $href || ! length $href) {
+               $href=IkiWiki::cgiurl(
+                       do => "osm",
+                       map => $map,
+               );
+       }
+
        $pagestate{$page}{'osm'}{$map}{'displays'}{$name} = {
                height => $height,
                width => $width,
                float => $float,
                zoom => $zoom,
        $pagestate{$page}{'osm'}{$map}{'displays'}{$name} = {
                height => $height,
                width => $width,
                float => $float,
                zoom => $zoom,
-               fullscreen => $fullscreen,
+               fullscreen => 0,
                editable => defined($params{'editable'}),
                lat => $lat,
                lon => $lon,
                editable => defined($params{'editable'}),
                lat => $lat,
                lon => $lon,
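Review bot: `$href` is read from `$params{href}` unchanged, and the added `if (! defined $href || ! length $href)` block only supplies a default, so a value written in the directive passes through with no `scrub()` call and no "sanitized" marker, unlike `$loc`, `$lat`, `$lon`, `$zoom` and `$map`. Where `$href` is finally emitted is outside this hunk, so whether it is escaped there cannot be confirmed from here; if it reaches generated HTML or JavaScript it needs output encoding or validation at that point. Once that is checked, a comment on the declaration would record the decision, for example `# href: from the directive or from process_waypoint; escaped where it is emitted, not here`. `preprocess` starts and ends outside the hunk.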
@@ -165,17 +162,6 @@ sub process_waypoint {
                        will_render($page, "$map/pois.kml");
                }
        }
                        will_render($page, "$map/pois.kml");
                }
        }
-       my $href = IkiWiki::cgiurl(
-               do => "osm",
-               map => $map,
-               lat => $lat,
-               lon => $lon,
-               zoom => $zoom,
-       );
-       if (defined($destsources{htmlpage($map)})) {
-               $href = urlto($map,$page) . "?lat=$lat&amp;lon=$lon&amp;zoom=$zoom";
-               $href =~ s!&!&amp;!g;
-       }
        $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name} = {
                page => $page,
                desc => $desc,
        $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name} = {
                page => $page,
                desc => $desc,
@@ -183,18 +169,28 @@ sub process_waypoint {
                tag => $tag,
                lat => $lat,
                lon => $lon,
                tag => $tag,
                lat => $lat,
                lon => $lon,
-               # how to link back to the page from the map, not to be
+               # How to link back to the page from the map, not to be
                # confused with the URL of the map itself sent to the
                # confused with the URL of the map itself sent to the
-               # embeded map below
-               href => urlto($page,$map),
+               # embeded map below. Note: used in generated KML etc file,
+               # so must be absolute.
+               href => urlto($page),
        };
        };
+
+       my $mapurl = IkiWiki::cgiurl(
+               do => "osm",
+               map => $map,
+               lat => $lat,
+               lon => $lon,
+               zoom => $zoom,
+       );
        my $output = '';
        if (defined($params{'embed'})) {
        my $output = '';
        if (defined($params{'embed'})) {
-               $params{'href'} = $href; # propagate down to embeded
-               $output .= preprocess(%params);
+               $output .= preprocess(%params,
+                       href => $mapurl,
+               );
        }
        if (!$hidden) {
        }
        if (!$hidden) {
-               $output .= "<a href=\"$href\"><img class=\"img\" src=\"$icon\" $alt /></a>";
+               $output .= "<a href=\"$mapurl\"><img class=\"img\" src=\"$icon\" $alt /></a>";
        }
        return $output;
 }
        }
        return $output;
 }
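Review bot: The new comment on the waypoint `href` says the value "must be absolute" because it goes into the generated KML, but the code is `href => urlto($page),` and nothing in the hunk shows that the one-argument form returns a full URL rather than a site-relative path. `urlto` is defined outside this page; if it accepts an explicit "absolute" argument, as I recall from the plugin API, pass it (`href => urlto($page, undef, 1),`) so the code enforces what the comment requires. Separately, `$mapurl` is interpolated straight into the `href="..."` attribute on the `<a>` line, and the `s!&!&amp;!g` from the removed code has no counterpart, so any `&` separators produced by `IkiWiki::cgiurl` reach the page unescaped; entity-encoding the URL before interpolation keeps the attribute well formed. `process_waypoint` begins outside this hunk.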
@@ -329,41 +325,6 @@ sub writekml($;$) {
        eval q{use XML::Writer};
        error $@ if $@;
        foreach my $map (keys %waypoints) {
        eval q{use XML::Writer};
        error $@ if $@;
        foreach my $map (keys %waypoints) {
-
-=pod
-Sample placemark:
-
-<?xml version="1.0" encoding="UTF-8"?>
-<kml xmlns="http://www.opengis.net/kml/2.2">
-  <Placemark>
-    <name>Simple placemark</name>
-    <description>Attached to the ground. Intelligently places itself 
-       at the height of the underlying terrain.</description>
-    <Point>
-      <coordinates>-122.0822035425683,37.42228990140251,0</coordinates>
-    </Point>
-  </Placemark>
-</kml>
-
-Sample style:
-
-
-        <Style id="sh_sunny_copy69">
-                <IconStyle>
-                        <scale>1.4</scale>
-                        <Icon>
-                                <href>http://waypoints.google.com/mapfiles/kml/shapes/sunny.png</href>
-                        </Icon>
-                        <hotSpot x="0.5" y="0.5" xunits="fraction" yunits="fraction"/>
-                </IconStyle>
-                <LabelStyle>
-                        <color>ff00aaff</color>
-                </LabelStyle>
-        </Style>
-
-
-=cut
-
                my $output;
                my $writer = XML::Writer->new( OUTPUT => \$output,
                        DATA_MODE => 1, ENCODING => 'UTF-8');
                my $output;
                my $writer = XML::Writer->new( OUTPUT => \$output,
                        DATA_MODE => 1, ENCODING => 'UTF-8');