HTML-escape error messages (OVE-20160505-0012)
[git.ikiwiki.info.git] / IkiWiki / Plugin / poll.pm
index 5ac5b818de872e16ecd9470f77c2d6a6486cdd20..eb0e6ef04d086ad34e900a31f37a2407edbefabc 100644 (file)
@@ -3,7 +3,7 @@ package IkiWiki::Plugin::poll;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 use Encode;
 
 sub import {
@@ -17,17 +17,20 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => undef,
+                       section => "widget",
                },
 }
 
 my %pagenum;
 sub preprocess (@) {
-       my %params=(open => "yes", total => "yes", percent => "yes", @_);
+       my %params=(open => "yes", total => "yes", percent => "yes",
+               expandable => "no", @_);
 
        my $open=IkiWiki::yesno($params{open});
        my $showtotal=IkiWiki::yesno($params{total});
        my $showpercent=IkiWiki::yesno($params{percent});
-       $pagenum{$params{page}}++;
+       my $expandable=IkiWiki::yesno($params{expandable});
+       my $num=++$pagenum{$params{page}}{$params{destpage}};
 
        my %choices;
        my @choices;
@@ -51,7 +54,7 @@ sub preprocess (@) {
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
                        # use POST to avoid robots
-                       $ret.="<form method=\"POST\" action=\"$config{cgiurl}\">\n";
+                       $ret.="<form method=\"POST\" action=\"".IkiWiki::cgiurl()."\">\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
@@ -63,7 +66,7 @@ sub preprocess (@) {
                }
                if ($open && exists $config{cgiurl}) {
                        $ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
-                       $ret.="<input type=\"hidden\" name=\"num\" value=\"$pagenum{$params{page}}\" />\n";
+                       $ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
                        $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
                        $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
                        $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
@@ -73,6 +76,19 @@ sub preprocess (@) {
                        $ret.="</form>\n";
                }
        }
+       
+       if ($expandable && $open && exists $config{cgiurl}) {
+               $ret.="<p>\n";
+               $ret.="<form method=\"POST\" action=\"".IkiWiki::cgiurl()."\">\n";
+               $ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
+               $ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
+               $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
+               $ret.=gettext("Write in").": <input name=\"choice\" size=50 />\n";
+               $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
+               $ret.="</form>\n";
+               $ret.="</p>\n";
+       }
+
        if ($showtotal) {
                $ret.="<span>".gettext("Total votes:")." $total</span>\n";
        }
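Review bot: The write-in field `<input name=\"choice\" size=50 />` has no length bound; `size` only sets the display width, so the length of the text a visitor submits is limited only by whatever sessioncgi checks before it appends the choice to the page source. A `maxlength` attribute would document the intended limit, but it is advisory, so the same cap needs to be enforced server-side where the choice is read. Separately, the `<form>` is wrapped in `<p>…</p>`, which HTML does not permit (the parser closes the paragraph at the form start tag); putting the `<p>` inside the `<form>` is the valid nesting. preprocess starts and ends outside this hunk.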
@@ -83,8 +99,8 @@ sub sessioncgi ($$) {
        my $cgi=shift;
        my $session=shift;
        if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
-               my $choice=decode_utf8($cgi->param('choice'));
-               if (! defined $choice) {
+               my $choice=decode_utf8(scalar $cgi->param('choice'));
+               if (! defined $choice || not length $choice) {
                        error("no choice specified");
                }
                my $num=$cgi->param('num');
@@ -102,7 +118,7 @@ sub sessioncgi ($$) {
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
                        # Same vote; no-op.
-                       IkiWiki::redirect($cgi, urlto($page, undef, 1));
+                       IkiWiki::redirect($cgi, urlto($page));
                        exit;
                }
 
@@ -117,7 +133,14 @@ sub sessioncgi ($$) {
                        my $params=shift;
                        return "\\[[$prefix $params]]" if $escape;
                        if (--$num == 0) {
-                               $params=~s/(^|\s+)(\d+)\s+"?\Q$choice\E"?(\s+|$)/$1.($2+1)." \"$choice\"".$3/se;
+                               if ($params=~s/(^|\s+)(\d+)\s+"?\Q$choice\E"?(\s+|$)/$1.($2+1)." \"$choice\"".$3/se) {
+                               }
+                               elsif ($params=~/expandable=(\w+)/
+                                   & &IkiWiki::yesno($1)) {
+                                       $choice=~s/["\]\n\r]//g;
+                                       $params.=" 1 \"$choice\""
+                                               if length $choice;
+                               }
                                if (defined $oldchoice) {
                                        $params=~s/(^|\s+)(\d+)\s+"?\Q$oldchoice\E"?(\s+|$)/$1.($2-1 >=0 ? $2-1 : 0)." \"$oldchoice\"".$3/se;
                                }
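Review bot: The `elsif` condition joins the regex match and the yesno call with a bitwise `&` and uses the `&`-sigil call form, so `yesno($1)` is evaluated even when the match failed and `$1` is stale; the logical form `elsif ($params=~/expandable=(\w+)/ && IkiWiki::yesno($1)) {` short-circuits and says what is meant. The write-in filter `s/["\]\n\r]//g` removes only the characters that would break the directive syntax, while `<`, `>` and `&` are kept, and preprocess interpolates `$choice` unescaped into `value=\"$choice\"`, so it is worth confirming that rendered poll output is HTML-escaped or scrubbed before it reaches the browser. The empty `if (...) { }` branch exists only for the substitution's side effect and deserves a one-line comment such as `# existing choice: count already incremented by the s///`. The enclosing closure and sessioncgi start and end outside the hunk.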
@@ -133,9 +156,12 @@ sub sessioncgi ($$) {
                $oldchoice=$session->param($choice_param);
                if ($config{rcs}) {
                        IkiWiki::disable_commit_hook();
-                       IkiWiki::rcs_commit($pagesources{$page}, "poll vote ($choice)",
-                               IkiWiki::rcs_prepedit($pagesources{$page}),
-                               $session->param("name"), $ENV{REMOTE_ADDR});
+                       IkiWiki::rcs_commit(
+                               file => $pagesources{$page},
+                               message => "poll vote ($choice)",
+                               token => IkiWiki::rcs_prepedit($pagesources{$page}),
+                               session => $session,
+                       );
                        IkiWiki::enable_commit_hook();
                        IkiWiki::rcs_update();
                }
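Review bot: The commit message `"poll vote ($choice)"` embeds the submitted choice, and the only filtering of `$choice` visible on this page happens inside the write-in branch of the closure. A vote that matches no existing choice on a non-expandable poll therefore appears to reach rcs_commit with the raw CGI value, line breaks included; whether that path is reachable depends on code outside the hunk. If it is, build the message from a normalised copy, e.g. `(my $msgchoice=$choice)=~s/[\r\n]+/ /g;`, or skip the commit when the directive text did not change. sessioncgi continues outside the hunk.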
@@ -149,7 +175,7 @@ sub sessioncgi ($$) {
                error($@) if $@;
                my $cookie = CGI::Cookie->new(-name=> $session->name, -value=> $session->id);
                print $cgi->redirect(-cookie => $cookie,
-                       -url => urlto($page, undef, 1));
+                       -url => urlto($page));
                exit;
        }
 }