]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/rename.pm
Avoid mixed content when cgiurl is https but url is not
[git.ikiwiki.info.git] / IkiWiki / Plugin / rename.pm
index 8dad92be3e8794c2ef09ed4a518f814fb49be2a5..8387a1e32446753f749887ba5655d23c2dfce462 100644 (file)
@@ -18,6 +18,7 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => 0,
+                       section => "web",
                },
 }
 
@@ -49,7 +50,7 @@ sub check_canrename ($$$$$$) {
        IkiWiki::check_canedit($src, $q, $session);
        if ($attachment) {
                if (IkiWiki::Plugin::attachment->can("check_canattach")) {
-                       IkiWiki::Plugin::attachment::check_canattach($session, $src, $srcfile);
+                       IkiWiki::Plugin::attachment::check_canattach($session, $src, "$config{srcdir}/$srcfile");
                }
                else {
                        error("renaming of attachments is not allowed");
@@ -62,9 +63,8 @@ sub check_canrename ($$$$$$) {
                        error(gettext("no change to the file name was specified"));
                }
 
-               # Must be a legal filename, and not absolute.
-               if (IkiWiki::file_pruned($destfile, $config{srcdir}) || 
-                   $destfile=~/^\//) {
+               # Must be a legal filename.
+               if (IkiWiki::file_pruned($destfile)) {
                        error(sprintf(gettext("illegal name")));
                }
 
@@ -84,7 +84,7 @@ sub check_canrename ($$$$$$) {
                if ($attachment) {
                        # Note that $srcfile is used here, not $destfile,
                        # because it wants the current file, to check it.
-                       IkiWiki::Plugin::attachment::check_canattach($session, $dest, $srcfile);
+                       IkiWiki::Plugin::attachment::check_canattach($session, $dest, "$config{srcdir}/$srcfile");
                }
        }
 
@@ -108,6 +108,7 @@ sub check_canrename ($$$$$$) {
                        }
                }
        });
+       return defined $canrename ? $canrename : 1;
 }
 
 sub rename_form ($$$) {
@@ -125,26 +126,30 @@ sub rename_form ($$$) {
                method => 'POST',
                javascript => 0,
                params => $q,
-               action => $config{cgiurl},
-               stylesheet => IkiWiki::baseurl()."style.css",
+               action => IkiWiki::cgiurl(),
+               stylesheet => 1,
                fields => [qw{do page new_name attachment}],
        );
        
        $f->field(name => "do", type => "hidden", value => "rename", force => 1);
+       $f->field(name => "sid", type => "hidden", value => $session->id,
+               force => 1);
        $f->field(name => "page", type => "hidden", value => $page, force => 1);
        $f->field(name => "new_name", value => pagetitle($page, 1), size => 60);
        if (!$q->param("attachment")) {
                # insert the standard extensions
                my @page_types;
                if (exists $IkiWiki::hooks{htmlize}) {
-                       @page_types=grep { !/^_/ }
-                               keys %{$IkiWiki::hooks{htmlize}};
+                       foreach my $key (grep { !/^_/ } keys %{$IkiWiki::hooks{htmlize}}) {
+                               push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+                       }
                }
+               @page_types=sort @page_types;
        
                # make sure the current extension is in the list
                my ($ext) = $pagesources{$page}=~/\.([^.]+)$/;
                if (! $IkiWiki::hooks{htmlize}{$ext}) {
-                       unshift(@page_types, $ext);
+                       unshift(@page_types, [$ext, $ext]);
                }
        
                $f->field(name => "type", type => 'select',
@@ -174,8 +179,15 @@ sub rename_start ($$$$) {
        my $attachment=shift;
        my $page=shift;
 
-       check_canrename($page, $pagesources{$page}, undef, undef,
-               $q, $session);
+       # Special case for renaming held attachments; normal checks
+       # don't apply.
+       my $held=$attachment &&
+               IkiWiki::Plugin::attachment->can("is_held_attachment") &&
+               IkiWiki::Plugin::attachment::is_held_attachment($page);
+       if (! $held) {
+               check_canrename($page, $pagesources{$page}, undef, undef,
+                       $q, $session);
+       }
 
        # Save current form state to allow returning to it later
        # without losing any edits.
@@ -194,14 +206,22 @@ sub rename_start ($$$$) {
        exit 0;
 }
 
-sub postrename ($;$$$) {
+sub postrename ($$$;$$) {
+       my $cgi=shift;
        my $session=shift;
        my $src=shift;
        my $dest=shift;
        my $attachment=shift;
 
-       # Load saved form state and return to edit page.
-       my $postrename=CGI->new($session->param("postrename"));
+       # Load saved form state and return to edit page, using stored old
+       # cgi state. Or, if the rename was not started on the edit page, 
+       # return to the renamed page.
+       my $postrename=$session->param("postrename");
+       if (! defined $postrename) {
+               IkiWiki::redirect($cgi, urlto(defined $dest ? $dest : $src));
+               exit;
+       }
+       my $oldcgi=CGI->new($postrename);
        $session->clear("postrename");
        IkiWiki::cgi_savesession($session);
 
@@ -210,21 +230,21 @@ sub postrename ($;$$$) {
                        # They renamed the page they were editing. This requires
                        # fixups to the edit form state.
                        # Tweak the edit form to be editing the new page.
-                       $postrename->param("page", $dest);
+                       $oldcgi->param("page", $dest);
                }
 
                # Update edit form content to fix any links present
                # on it.
-               $postrename->param("editcontent",
+               $oldcgi->param("editcontent",
                        renamepage_hook($dest, $src, $dest,
-                                $postrename->param("editcontent")));
+                                $oldcgi->param("editcontent")));
 
                # Get a new edit token; old was likely invalidated.
-               $postrename->param("rcsinfo",
+               $oldcgi->param("rcsinfo",
                        IkiWiki::rcs_prepedit($pagesources{$dest}));
        }
 
-       IkiWiki::cgi_editpage($postrename, $session);
+       IkiWiki::cgi_editpage($oldcgi, $session);
 }
 
 sub formbuilder (@) {
@@ -233,6 +253,7 @@ sub formbuilder (@) {
 
        if (defined $form->field("do") && ($form->field("do") eq "edit" ||
            $form->field("do") eq "create")) {
+               IkiWiki::decode_form_utf8($form);
                my $q=$params{cgi};
                my $session=$params{session};
 
@@ -240,7 +261,7 @@ sub formbuilder (@) {
                        rename_start($q, $session, 0, $form->field("page"));
                }
                elsif ($form->submitted eq "Rename Attachment") {
-                       my @selected=$q->param("attachment_select");
+                       my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select");
                        if (@selected > 1) {
                                error(gettext("Only one attachment can be renamed at a time."));
                        }
@@ -276,21 +297,21 @@ sub sessioncgi ($$) {
 
        if ($q->param("do") eq 'rename') {
                my $session=shift;
-               my ($form, $buttons)=rename_form($q, $session, $q->param("page"));
+               my ($form, $buttons)=rename_form($q, $session, Encode::decode_utf8($q->param("page")));
                IkiWiki::decode_form_utf8($form);
+               my $src=$form->field("page");
 
                if ($form->submitted eq 'Cancel') {
-                       postrename($session);
+                       postrename($q, $session, $src);
                }
                elsif ($form->submitted eq 'Rename' && $form->validate) {
-                       # Queue of rename actions to perfom.
-                       my @torename;
+                       IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
 
                        # These untaints are safe because of the checks
                        # performed in check_canrename later.
-                       my $src=$q->param("page");
-                       my $srcfile=IkiWiki::possibly_foolish_untaint($pagesources{$src});
-                       my $dest=IkiWiki::possibly_foolish_untaint(titlepage($q->param("new_name")));
+                       my $srcfile=IkiWiki::possibly_foolish_untaint($pagesources{$src})
+                               if exists $pagesources{$src};
+                       my $dest=IkiWiki::possibly_foolish_untaint(titlepage($form->field("new_name")));
                        my $destfile=$dest;
                        if (! $q->param("attachment")) {
                                my $type=$q->param('type');
@@ -304,6 +325,19 @@ sub sessioncgi ($$) {
                                
                                $destfile=newpagefile($dest, $type);
                        }
+               
+                       # Special case for renaming held attachments.
+                       my $held=$q->param("attachment") &&
+                               IkiWiki::Plugin::attachment->can("is_held_attachment") &&
+                               IkiWiki::Plugin::attachment::is_held_attachment($src);
+                       if ($held) {
+                               rename($held, IkiWiki::Plugin::attachment::attachment_holding_location($dest));
+                               postrename($q, $session, $src, $dest, $q->param("attachment"))
+                                       unless defined $srcfile;
+                       }
+                       
+                       # Queue of rename actions to perfom.
+                       my @torename;
                        push @torename, {
                                src => $src,
                                srcfile => $srcfile,
@@ -342,8 +376,9 @@ sub sessioncgi ($$) {
                                $pagesources{$rename->{src}}=$rename->{destfile};
                        }
                        IkiWiki::rcs_commit_staged(
-                               sprintf(gettext("rename %s to %s"), $srcfile, $destfile),
-                               $session->param("name"), $ENV{REMOTE_ADDR}) if $config{rcs};
+                               message => sprintf(gettext("rename %s to %s"), $srcfile, $destfile),
+                               session => $session,
+                       ) if $config{rcs};
 
                        # Then link fixups.
                        foreach my $rename (@torename) {
@@ -403,7 +438,7 @@ sub sessioncgi ($$) {
                                $renamesummary.=$template->output;
                        }
 
-                       postrename($session, $src, $dest, $q->param("attachment"));
+                       postrename($q, $session, $src, $dest, $q->param("attachment"));
                }
                else {
                        IkiWiki::showform($form, $buttons, $session, $q);
@@ -478,7 +513,7 @@ sub renamepage_hook ($$$$) {
        return $content;
 }
 
-sub rename_hook (@) {
+sub rename_hook {
        my %params = @_;
 
        my @torename=@{$params{torename}};
@@ -558,6 +593,7 @@ sub fixlinks ($$$) {
                }
                if ($needfix) {
                        my $file=$pagesources{$page};
+                       next unless -e $config{srcdir}."/".$file;
                        my $oldcontent=readfile($config{srcdir}."/".$file);
                        my $content=renamepage_hook($page, $rename->{src}, $rename->{dest}, $oldcontent);
                        if ($oldcontent ne $content) {
@@ -565,11 +601,10 @@ sub fixlinks ($$$) {
                                eval { writefile($file, $config{srcdir}, $content) };
                                next if $@;
                                my $conflict=IkiWiki::rcs_commit(
-                                       $file,
-                                       sprintf(gettext("update for rename of %s to %s"), $rename->{srcfile}, $rename->{destfile}),
-                                       $token,
-                                       $session->param("name"), 
-                                       $ENV{REMOTE_ADDR}
+                                       file => $file,
+                                       message => sprintf(gettext("update for rename of %s to %s"), $rename->{srcfile}, $rename->{destfile}),
+                                       token => $token,
+                                       session => $session,
                                );
                                push @fixedlinks, $page if ! defined $conflict;
                        }