]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/osm.pm
Reference CVE-2016-4561 in 3.20141016.3 changelog
[git.ikiwiki.info.git] / IkiWiki / Plugin / osm.pm
index be499495c4f7e65722773c73974b12e8eba3fcb2..472e26945a75575215218294c2a01cc68748bbf3 100644 (file)
@@ -60,37 +60,66 @@ sub getsetup () {
                        safe => 0,
                        rebuild => 1,
                },
                        safe => 0,
                        rebuild => 1,
                },
+               osm_openlayers_url => {
+                       type => "string",
+                       example => "http://www.openlayers.org/api/OpenLayers.js",
+                       description => "Url for the OpenLayers.js file",
+                       safe => 0,
+                       rebuild => 1,
+               },
+               osm_layers => {
+                       type => "string",
+                       example => { 'OSM', 'GoogleSatellite' },
+                       description => "Layers to use in the map. Can be either the 'OSM' string or a type option for Google maps (GoogleNormal, GoogleSatellite, GoogleHybrid or GooglePhysical). It can also be an arbitrary URL in a syntax acceptable for OpenLayers.Layer.OSM.url parameter.",
+                       safe => 0,
+                       rebuild => 1,
+               },
+               osm_google_apikey => {
+                       type => "string",
+                       example => "",
+                       description => "Google maps API key, Google layer not used if missing, see https://code.google.com/apis/console/ to get an API key",
+                       safe => 1,
+                       rebuild => 1,
+               },
+}
+
+sub register_rendered_files {
+       my $map = shift;
+       my $page = shift;
+       my $dest = shift;
+
+       if ($page eq $dest) {
+               my %formats = get_formats();
+               if ($formats{'GeoJSON'}) {
+                       will_render($page, "$map/pois.json");
+               }
+               if ($formats{'CSV'}) {
+                       will_render($page, "$map/pois.txt");
+               }
+               if ($formats{'KML'}) {
+                       will_render($page, "$map/pois.kml");
+               }
+       }
 }
 
 sub preprocess {
        my %params=@_;
 }
 
 sub preprocess {
        my %params=@_;
-       my $page = $params{'page'};
-       my $dest = $params{'destpage'};
-       my $loc = $params{'loc'}; # sanitized below
-       my $lat = $params{'lat'}; # sanitized below
-       my $lon = $params{'lon'}; # sanitized below
-       my $href = $params{'href'};
+       my $page = $params{page};
+       my $dest = $params{destpage};
+       my $loc = $params{loc}; # sanitized below
+       my $lat = $params{lat}; # sanitized below
+       my $lon = $params{lon}; # sanitized below
+       my $href = $params{href};
 
 
-       my $fullscreen = defined($params{'fullscreen'}); # sanitized here
        my ($width, $height, $float);
        my ($width, $height, $float);
-       if ($fullscreen) {
-               $height = '100%';
-               $width = '100%';
-               $float = 0;
-       }
-       else {
-               $height = scrub($params{'height'} || "300px", $page, $dest); # sanitized here
-               $width = scrub($params{'width'} || "500px", $page, $dest); # sanitized here
-               $float = (defined($params{'right'}) && 'right') || (defined($params{'left'}) && 'left'); # sanitized here
-       }
+       $height = scrub($params{'height'} || "300px", $page, $dest); # sanitized here
+       $width = scrub($params{'width'} || "500px", $page, $dest); # sanitized here
+       $float = (defined($params{'right'}) && 'right') || (defined($params{'left'}) && 'left'); # sanitized here
+       
        my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
        my $map;
        my $zoom = scrub($params{'zoom'} // $config{'osm_default_zoom'} // 15, $page, $dest); # sanitized below
        my $map;
-       if ($fullscreen) {
-               $map = $params{'map'} || $page;
-       }
-       else {
-               $map = $params{'map'} || 'map';
-       }
+       $map = $params{'map'} || 'map';
+       
        $map = scrub($map, $page, $dest); # sanitized here
        my $name = scrub($params{'name'} || $map, $page, $dest);
 
        $map = scrub($map, $page, $dest); # sanitized here
        my $name = scrub($params{'name'} || $map, $page, $dest);
 
@@ -101,16 +130,27 @@ sub preprocess {
        if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
                error("Bad zoom");
        }
        if ($zoom !~ /^\d\d?$/ || $zoom < 2 || $zoom > 18) {
                error("Bad zoom");
        }
+
+       if (! defined $href || ! length $href) {
+               $href=IkiWiki::cgiurl(
+                       do => "osm",
+                       map => $map,
+               );
+       }
+
+       register_rendered_files($map, $page, $dest);
+
        $pagestate{$page}{'osm'}{$map}{'displays'}{$name} = {
                height => $height,
                width => $width,
                float => $float,
                zoom => $zoom,
        $pagestate{$page}{'osm'}{$map}{'displays'}{$name} = {
                height => $height,
                width => $width,
                float => $float,
                zoom => $zoom,
-               fullscreen => $fullscreen,
+               fullscreen => 0,
                editable => defined($params{'editable'}),
                lat => $lat,
                lon => $lon,
                href => $href,
                editable => defined($params{'editable'}),
                lat => $lat,
                lon => $lon,
                href => $href,
+               google_apikey => $config{'osm_google_apikey'},
        };
        return "<div id=\"mapdiv-$name\"></div>";
 }
        };
        return "<div id=\"mapdiv-$name\"></div>";
 }
@@ -152,33 +192,9 @@ sub process_waypoint {
                }
        }
        $icon = urlto($icon, $dest, 1);
                }
        }
        $icon = urlto($icon, $dest, 1);
+       $icon =~ s!/*$!!; # hack - urlto shouldn't be appending a slash in the first place
        $tag = '' unless $tag;
        $tag = '' unless $tag;
-       if ($page eq $dest) {
-               if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
-                       $config{'osm_format'} = 'KML';
-               }
-               my %formats = map { $_ => 1 } split(/, */, $config{'osm_format'});
-               if ($formats{'GeoJSON'}) {
-                       will_render($page,$config{destdir} . "/$map/pois.json");
-               }
-               if ($formats{'CSV'}) {
-                       will_render($page,$config{destdir} . "/$map/pois.txt");
-               }
-               if ($formats{'KML'}) {
-                       will_render($page,$config{destdir} . "/$map/pois.kml");
-               }
-       }
-       my $href = IkiWiki::cgiurl(
-               do => "osm",
-               map => $map,
-               lat => $lat,
-               lon => $lon,
-               zoom => $zoom,
-       );
-       if (defined($destsources{htmlpage($map)})) {
-               $href = urlto($map,$page) . "?lat=$lat&amp;lon=$lon&amp;zoom=$zoom";
-               $href =~ s!&!&amp;!g;
-       }
+       register_rendered_files($map, $page, $dest);
        $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name} = {
                page => $page,
                desc => $desc,
        $pagestate{$page}{'osm'}{$map}{'waypoints'}{$name} = {
                page => $page,
                desc => $desc,
@@ -186,18 +202,28 @@ sub process_waypoint {
                tag => $tag,
                lat => $lat,
                lon => $lon,
                tag => $tag,
                lat => $lat,
                lon => $lon,
-               # how to link back to the page from the map, not to be
+               # How to link back to the page from the map, not to be
                # confused with the URL of the map itself sent to the
                # confused with the URL of the map itself sent to the
-               # embeded map below
-               href => urlto($page,$map),
+               # embeded map below. Note: used in generated KML etc file,
+               # so must be absolute.
+               href => urlto($page),
        };
        };
+
+       my $mapurl = IkiWiki::cgiurl(
+               do => "osm",
+               map => $map,
+               lat => $lat,
+               lon => $lon,
+               zoom => $zoom,
+       );
        my $output = '';
        if (defined($params{'embed'})) {
        my $output = '';
        if (defined($params{'embed'})) {
-               $params{'href'} = $href; # propagate down to embeded
-               $output .= preprocess(%params);
+               $output .= preprocess(%params,
+                       href => $mapurl,
+               );
        }
        if (!$hidden) {
        }
        if (!$hidden) {
-               $output .= "<a href=\"$href\"><img class=\"img\" src=\"$icon\" $alt /></a>";
+               $output .= "<a href=\"$mapurl\"><img class=\"img\" src=\"$icon\" $alt /></a>";
        }
        return $output;
 }
        }
        return $output;
 }
@@ -292,10 +318,7 @@ sub savestate {
                }
        }
 
                }
        }
 
-       if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
-               $config{'osm_format'} = 'KML';
-       }
-       my %formats = map { $_ => 1 } split(/, */, $config{'osm_format'});
+       my %formats = get_formats();
        if ($formats{'GeoJSON'}) {
                writejson(\%waypoints, \%linestrings);
        }
        if ($formats{'GeoJSON'}) {
                writejson(\%waypoints, \%linestrings);
        }
@@ -335,59 +358,31 @@ sub writekml($;$) {
        eval q{use XML::Writer};
        error $@ if $@;
        foreach my $map (keys %waypoints) {
        eval q{use XML::Writer};
        error $@ if $@;
        foreach my $map (keys %waypoints) {
-
-=pod
-Sample placemark:
-
-<?xml version="1.0" encoding="UTF-8"?>
-<kml xmlns="http://www.opengis.net/kml/2.2">
-  <Placemark>
-    <name>Simple placemark</name>
-    <description>Attached to the ground. Intelligently places itself 
-       at the height of the underlying terrain.</description>
-    <Point>
-      <coordinates>-122.0822035425683,37.42228990140251,0</coordinates>
-    </Point>
-  </Placemark>
-</kml>
-
-Sample style:
-
-
-        <Style id="sh_sunny_copy69">
-                <IconStyle>
-                        <scale>1.4</scale>
-                        <Icon>
-                                <href>http://waypoints.google.com/mapfiles/kml/shapes/sunny.png</href>
-                        </Icon>
-                        <hotSpot x="0.5" y="0.5" xunits="fraction" yunits="fraction"/>
-                </IconStyle>
-                <LabelStyle>
-                        <color>ff00aaff</color>
-                </LabelStyle>
-        </Style>
-
-
-=cut
-
                my $output;
                my $writer = XML::Writer->new( OUTPUT => \$output,
                my $output;
                my $writer = XML::Writer->new( OUTPUT => \$output,
-                       DATA_MODE => 1, ENCODING => 'UTF-8');
+                       DATA_MODE => 1, DATA_INDENT => ' ', ENCODING => 'UTF-8');
                $writer->xmlDecl();
                $writer->startTag("kml", "xmlns" => "http://www.opengis.net/kml/2.2");
                $writer->xmlDecl();
                $writer->startTag("kml", "xmlns" => "http://www.opengis.net/kml/2.2");
+               $writer->startTag("Document");
 
                # first pass: get the icons
 
                # first pass: get the icons
+               my %tags_map = (); # keep track of tags seen
                foreach my $name (keys %{$waypoints{$map}}) {
                        my %options = %{$waypoints{$map}{$name}};
                foreach my $name (keys %{$waypoints{$map}}) {
                        my %options = %{$waypoints{$map}{$name}};
-                       $writer->startTag("Style", id => $options{tag});
-                       $writer->startTag("IconStyle");
-                       $writer->startTag("Icon");
-                       $writer->startTag("href");
-                       $writer->characters($options{icon});
-                       $writer->endTag();
-                       $writer->endTag();
-                       $writer->endTag();
-                       $writer->endTag();
+                       if (!$tags_map{$options{tag}}) {
+                           debug("found new style " . $options{tag});
+                           $tags_map{$options{tag}} = ();
+                           $writer->startTag("Style", id => $options{tag});
+                           $writer->startTag("IconStyle");
+                           $writer->startTag("Icon");
+                           $writer->startTag("href");
+                           $writer->characters($options{icon});
+                           $writer->endTag();
+                           $writer->endTag();
+                           $writer->endTag();
+                           $writer->endTag();
+                       }
+                       $tags_map{$options{tag}}{$name} = \%options;
                }
        
                foreach my $name (keys %{$waypoints{$map}}) {
                }
        
                foreach my $name (keys %{$waypoints{$map}}) {
@@ -434,9 +429,10 @@ Sample style:
                        $writer->endTag();
                }
                $writer->endTag();
                        $writer->endTag();
                }
                $writer->endTag();
+               $writer->endTag();
                $writer->end();
 
                $writer->end();
 
-               writefile("pois.kmp", $config{destdir} . "/$map", $output);
+               writefile("pois.kml", $config{destdir} . "/$map", $output);
        }
 }
 
        }
 }
 
@@ -484,7 +480,7 @@ sub format (@) {
        return $params{content};
 }
 
        return $params{content};
 }
 
-sub prefered_format() {
+sub preferred_format() {
        if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
                $config{'osm_format'} = 'KML';
        }
        if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
                $config{'osm_format'} = 'KML';
        }
@@ -492,24 +488,26 @@ sub prefered_format() {
        return shift @spl;
 }
 
        return shift @spl;
 }
 
+sub get_formats() {
+       if (!defined($config{'osm_format'}) || !$config{'osm_format'}) {
+               $config{'osm_format'} = 'KML';
+       }
+       map { $_ => 1 } split(/, */, $config{'osm_format'});
+}
+
 sub include_javascript ($) {
        my $page=shift;
        my $loader;
 
 sub include_javascript ($) {
        my $page=shift;
        my $loader;
 
-       eval q{use JSON};
-       error $@ if $@;
        if (exists $pagestate{$page}{'osm'}) {
                foreach my $map (keys %{$pagestate{$page}{'osm'}}) {
                        foreach my $name (keys %{$pagestate{$page}{'osm'}{$map}{'displays'}}) {
        if (exists $pagestate{$page}{'osm'}) {
                foreach my $map (keys %{$pagestate{$page}{'osm'}}) {
                        foreach my $name (keys %{$pagestate{$page}{'osm'}{$map}{'displays'}}) {
-                               my %options = %{$pagestate{$page}{'osm'}{$map}{'displays'}{$name}};
-                               $options{'map'} = $map;
-                               $options{'format'} = prefered_format();
-                               $loader .= "mapsetup(\"mapdiv-$name\", " . to_json(\%options) . ");\n";
+                               $loader .= map_setup_code($map, $name, %{$pagestate{$page}{'osm'}{$map}{'displays'}{$name}});
                        }
                }
        }
        if ($loader) {
                        }
                }
        }
        if ($loader) {
-               return embed_map_code($page) . "<script type=\"text/javascript\" charset=\"utf-8\">$loader</script>";
+               return embed_map_code($page) . "<script type=\"text/javascript\">$loader</script>";
        }
        else {
                return '';
        }
        else {
                return '';
@@ -521,6 +519,8 @@ sub cgi($) {
 
        return unless defined $cgi->param('do') &&
                $cgi->param("do") eq "osm";
 
        return unless defined $cgi->param('do') &&
                $cgi->param("do") eq "osm";
+       
+       IkiWiki::loadindex();
 
        IkiWiki::decode_cgi_utf8($cgi);
 
 
        IkiWiki::decode_cgi_utf8($cgi);
 
@@ -534,7 +534,16 @@ sub cgi($) {
        print "<html><body>";
        print "<div id=\"mapdiv-$map\"></div>";
        print embed_map_code();
        print "<html><body>";
        print "<div id=\"mapdiv-$map\"></div>";
        print embed_map_code();
-       print "<script type=\"text/javascript\" charset=\"utf-8\">mapsetup( 'mapdiv-$map', { 'map': '$map', 'lat': urlParams['lat'], 'lon': urlParams['lon'], 'zoom': urlParams['zoom'], 'fullscreen': 1, 'editable': 1, 'format': '" . prefered_format() . "'});</script>";
+       print "<script type=\"text/javascript\">";
+       print map_setup_code($map, $map,
+               lat => "urlParams['lat']",
+               lon => "urlParams['lon']",
+               zoom => "urlParams['zoom']",
+               fullscreen => 1,
+               editable => 1,
+               google_apikey => $config{'osm_google_apikey'},
+       );
+       print "</script>";
        print "</body></html>";
 
        exit 0;
        print "</body></html>";
 
        exit 0;
@@ -542,9 +551,46 @@ sub cgi($) {
 
 sub embed_map_code(;$) {
        my $page=shift;
 
 sub embed_map_code(;$) {
        my $page=shift;
-       return '<script src="http://www.openlayers.org/api/OpenLayers.js" type="text/javascript" charset="utf-8"></script>'.
+       my $olurl = $config{osm_openlayers_url} || "http://www.openlayers.org/api/OpenLayers.js";
+       my $code = '<script src="'.$olurl.'" type="text/javascript" charset="utf-8"></script>'."\n".
                '<script src="'.urlto("ikiwiki/osm.js", $page).
                '" type="text/javascript" charset="utf-8"></script>'."\n";
                '<script src="'.urlto("ikiwiki/osm.js", $page).
                '" type="text/javascript" charset="utf-8"></script>'."\n";
+       if ($config{'osm_google_apikey'}) {
+           $code .= '<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key='.$config{'osm_google_apikey'}.'&sensor=false" type="text/javascript" charset="utf-8"></script>';
+       }
+       return $code;
+}
+
+sub map_setup_code($;@) {
+       my $map=shift;
+       my $name=shift;
+       my %options=@_;
+
+       my $mapurl = $config{osm_map_url};
+
+       eval q{use JSON};
+       error $@ if $@;
+                               
+       $options{'format'} = preferred_format();
+
+       my %formats = get_formats();
+       if ($formats{'GeoJSON'}) {
+               $options{'jsonurl'} = urlto($map."/pois.json");
+       }
+       if ($formats{'CSV'}) {
+               $options{'csvurl'} = urlto($map."/pois.txt");
+       }
+       if ($formats{'KML'}) {
+               $options{'kmlurl'} = urlto($map."/pois.kml");
+       }
+
+       if ($mapurl) {
+               $options{'mapurl'} = $mapurl;
+       }
+        $options{'layers'} = $config{osm_layers};
+
+       $name=~s/'//g; # $name comes from user input
+       return "mapsetup('mapdiv-$name', " . to_json(\%options) . ");";
 }
 
 1;
 }
 
 1;