]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/lockedit.pm
passwordauth: avoid userinfo forgery via repeated email parameter
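--- a/IkiWiki/Plugin/lockedit.pm
+++ b/IkiWiki/Plugin/lockedit.pm
@@ -3,15 +3,31 @@ package IkiWiki::Plugin::lockedit;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 
-sub import { #{{{
+sub import {
+       hook(type => "getsetup", id => "lockedit", call => \&getsetup);
        hook(type => "canedit", id => "lockedit", call => \&canedit);
-       hook(type => "formbuilder_setup", id => "lockedit",
-            call => \&formbuilder_setup);
-} # }}}
-
-sub canedit ($$) { #{{{
+}
+
+sub getsetup () {
+       return
+               plugin => {
+                       safe => 1,
+                       rebuild => 0,
+                       section => "auth",
+               },
+               locked_pages => {
+                       type => "pagespec",
+                       example => "!*/Discussion",
+                       description => "PageSpec controlling which pages are locked",
+                       link => "ikiwiki/PageSpec",
+                       safe => 1,
+                       rebuild => 0,
+               },
+}
+
+sub canedit ($$) {
        my $page=shift;
        my $cgi=shift;
        my $session=shift;
@@ -19,44 +35,24 @@ sub canedit ($$) { #{{{
        my $user=$session->param("name");
        return undef if defined $user && IkiWiki::is_admin($user);
 
-       foreach my $admin (@{$config{adminuser}}) {
-               if (pagespec_match($page, IkiWiki::userinfo_get($admin, "locked_pages"))) {
-                       return sprintf(gettext("%s is locked by %s and cannot be edited"),
-                               htmllink("", "", $page, noimageinline => 1),
-                               IkiWiki::userlink($admin));
+       if (defined $config{locked_pages} && length $config{locked_pages} &&
+           pagespec_match($page, $config{locked_pages},
+                   user => $session->param("name"),
+                   ip => $session->remote_addr(),
+           )) {
+               if ((! defined $user ||
+                   ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
+                   exists $IkiWiki::hooks{auth}) {
+                       return sub { IkiWiki::needsignin($cgi, $session) };
+               }
+               else {
+                       return sprintf(gettext("%s is locked and cannot be edited"),
+                               htmllink("", "", $page, noimageinline => 1));
+                       
                }
        }
 
        return undef;
-} #}}}
-
-sub formbuilder_setup (@) { #{{{
-       my %params=@_;
-       
-       my $form=$params{form};
-       my $session=$params{session};
-       my $cgi=$params{cgi};
-       my $user_name=$session->param("name");
-
-       if ($form->title eq "preferences") {
-               $form->field(name => "locked_pages", size => 50,
-                       fieldset => "admin",
-                       comment => "(".htmllink("", "", "PageSpec", noimageinline => 1).")");
-               if (! IkiWiki::is_admin($user_name)) {
-                       $form->field(name => "locked_pages", type => "hidden");
-               }
-               if (! $form->submitted) {
-                       $form->field(name => "locked_pages", force => 1,
-                               value => IkiWiki::userinfo_get($user_name, "locked_pages"));
-               }
-               if ($form->submitted && $form->submitted eq 'Save Preferences') {
-                       if (defined $form->field("locked_pages")) {
-                               IkiWiki::userinfo_set($user_name, "locked_pages",
-                                       $form->field("locked_pages")) ||
-                                               error("failed to set locked_pages");
-                       }
-               }
-       }
-} #}}}
+}
 
 1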
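Review bot: In the new `canedit`, `$session->param("name")` is called again inside the `pagespec_match(...)` named-argument list and in the `userinfo_get` call, although the same value is already held in `$user`. Inside the key/value list the call is evaluated in list context, so the pairing of `user` and `ip` depends on `param` returning exactly one value; I have not confirmed how the session object behaves there, but passing the scalar removes the question: `user => $user,` and `IkiWiki::userinfo_get($user, "regdate")`. The `($$)` prototype on `canedit` no longer matches the three arguments the body shifts off; the sub is registered by reference, so the prototype is probably never consulted and dropping it would be clearer. A comment above the outer `if` should also state what a false result from `pagespec_match` means for a misconfigured `locked_pages`, since any false return on that path falls through to `return undef` and the lock is not applied.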