describe unexpected situation where a logged-in user can delete other comments
[git.ikiwiki.info.git] / IkiWiki / Plugin / poll.pm
index fadc1773e66a61758d0012991e32da66d5ae0209..5a09e20879c46604350cd3f2e239c854ea594651 100644 (file)
@@ -3,31 +3,34 @@ package IkiWiki::Plugin::poll;
 
 use warnings;
 use strict;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
 use Encode;
 
 use Encode;
 
-sub import { #{{{
+sub import {
        hook(type => "getsetup", id => "poll", call => \&getsetup);
        hook(type => "preprocess", id => "poll", call => \&preprocess);
        hook(type => "sessioncgi", id => "poll", call => \&sessioncgi);
        hook(type => "getsetup", id => "poll", call => \&getsetup);
        hook(type => "preprocess", id => "poll", call => \&preprocess);
        hook(type => "sessioncgi", id => "poll", call => \&sessioncgi);
-} # }}}
+}
 
 
-sub getsetup () { #{{{
+sub getsetup () {
        return 
                plugin => {
                        safe => 1,
                        rebuild => undef,
        return 
                plugin => {
                        safe => 1,
                        rebuild => undef,
+                       section => "widget",
                },
                },
-} #}}}
+}
 
 my %pagenum;
 
 my %pagenum;
-sub preprocess (@) { #{{{
-       my %params=(open => "yes", total => "yes", percent => "yes", @_);
+sub preprocess (@) {
+       my %params=(open => "yes", total => "yes", percent => "yes",
+               expandable => "no", @_);
 
        my $open=IkiWiki::yesno($params{open});
        my $showtotal=IkiWiki::yesno($params{total});
        my $showpercent=IkiWiki::yesno($params{percent});
 
        my $open=IkiWiki::yesno($params{open});
        my $showtotal=IkiWiki::yesno($params{total});
        my $showpercent=IkiWiki::yesno($params{percent});
-       $pagenum{$params{page}}++;
+       my $expandable=IkiWiki::yesno($params{expandable});
+       my $num=++$pagenum{$params{page}}{$params{destpage}};
 
        my %choices;
        my @choices;
 
        my %choices;
        my @choices;
@@ -51,7 +54,7 @@ sub preprocess (@) { #{{{
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
                        # use POST to avoid robots
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
                        # use POST to avoid robots
-                       $ret.="<form method=\"POST\" action=\"$config{cgiurl}\">\n";
+                       $ret.="<form method=\"POST\" action=\"".IkiWiki::cgiurl()."\">\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
@@ -63,9 +66,15 @@ sub preprocess (@) { #{{{
                }
                if ($open && exists $config{cgiurl}) {
                        $ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
                }
                if ($open && exists $config{cgiurl}) {
                        $ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
-                       $ret.="<input type=\"hidden\" name=\"num\" value=\"$pagenum{$params{page}}\" />\n";
+                       $ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
                        $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
                        $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
                        $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
                        $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
+                       if (defined $params{postlink}) {
+                               $ret.="<input type=\"hidden\" name=\"postlink\" value=\"".linkpage($params{postlink})."\" />\n";
+                       }
+                       if (defined $params{posttrail}) {
+                               $ret.="<input type=\"hidden\" name=\"posttrail\" value=\"".linkpage($params{posttrail})."\" />\n";
+                       }
                        $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
                }
                $ret.="</p>\n<hr class=poll align=left width=\"$percent%\"/>\n";
                        $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
                }
                $ret.="</p>\n<hr class=poll align=left width=\"$percent%\"/>\n";
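Review bot: The hidden inputs in this hunk interpolate `$params{page}` and `$choice` straight into double-quoted `value` attributes with no HTML escaping, and the new `postlink`/`posttrail` fields depend entirely on `linkpage()` to make their values attribute-safe. That was easier to accept while every choice came from the page author, but with `expandable` polls the choice text can originate from a visitor's write-in. Unless a later sanitize stage that is not visible here scrubs this output, the values should be entity-encoded where they are emitted; at minimum add a comment such as `# values are not HTML-escaped here; relies on linkpage() and later sanitizing` so the assumption is explicit. preprocess starts and ends outside this hunk.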
@@ -73,18 +82,31 @@ sub preprocess (@) { #{{{
                        $ret.="</form>\n";
                }
        }
                        $ret.="</form>\n";
                }
        }
+       
+       if ($expandable && $open && exists $config{cgiurl}) {
+               $ret.="<p>\n";
+               $ret.="<form method=\"POST\" action=\"".IkiWiki::cgiurl()."\">\n";
+               $ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
+               $ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
+               $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
+               $ret.=gettext("Write in").": <input name=\"choice\" size=50 />\n";
+               $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
+               $ret.="</form>\n";
+               $ret.="</p>\n";
+       }
+
        if ($showtotal) {
                $ret.="<span>".gettext("Total votes:")." $total</span>\n";
        }
        return "<div class=poll>$ret</div>";
        if ($showtotal) {
                $ret.="<span>".gettext("Total votes:")." $total</span>\n";
        }
        return "<div class=poll>$ret</div>";
-} # }}}
+}
 
 
-sub sessioncgi ($$) { #{{{
+sub sessioncgi ($$) {
        my $cgi=shift;
        my $session=shift;
        if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
        my $cgi=shift;
        my $session=shift;
        if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
-               my $choice=decode_utf8($cgi->param('choice'));
-               if (! defined $choice) {
+               my $choice=decode_utf8(scalar $cgi->param('choice'));
+               if (! defined $choice || not length $choice) {
                        error("no choice specified");
                }
                my $num=$cgi->param('num');
                        error("no choice specified");
                }
                my $num=$cgi->param('num');
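Review bot: The write-in path accepts text of any length: `size=50` on the new `choice` input only sets the displayed width, and the tightened check in sessioncgi (`! defined $choice || not length $choice`) rejects only empty values. Because the accepted text later ends up in the page source and in the commit message, a server-side cap belongs right after that check, for example `error("choice too long") if length $choice > 100;` (the limit shown is illustrative). The input element could carry a matching `maxlength` as a convenience, but the server check is the one that counts. sessioncgi continues past the end of this hunk.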
@@ -96,13 +118,25 @@ sub sessioncgi ($$) { #{{{
                        error("bad page name");
                }
 
                        error("bad page name");
                }
 
+               my $postvote=urlto($page);
+               if (defined $cgi->param('postlink') && length $cgi->param('postlink')) {
+                       $postvote=urlto(bestlink($page, $cgi->param('postlink')));
+               }
+               elsif (defined $cgi->param('posttrail') && length $cgi->param('posttrail')) {
+                       my $trailname=bestlink($page, $cgi->param('posttrail'));
+                       my $trailnext=$pagestate{$page}{trail}{item}{$trailname}[1];
+                       if (defined $trailnext) {
+                               $postvote=urlto($trailnext);
+                       }
+               }
+
                # Did they vote before? If so, let them change their vote,
                # and check for dups.
                my $choice_param="poll_choice_${page}_$num";
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
                        # Same vote; no-op.
                # Did they vote before? If so, let them change their vote,
                # and check for dups.
                my $choice_param="poll_choice_${page}_$num";
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
                        # Same vote; no-op.
-                       IkiWiki::redirect($cgi, urlto($page, undef, 1));
+                       IkiWiki::redirect($cgi, $postvote);
                        exit;
                }
 
                        exit;
                }
 
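Review bot: `$cgi->param('postlink')` and `$cgi->param('posttrail')` are passed to `bestlink()` in list context, so a request that repeats the parameter expands into extra arguments. This commit already forces `scalar` for `choice`, and the same should be done here, e.g. `my $postlink=scalar $cgi->param('postlink');`, then use `$postlink` in both the test and the call. The `postlink` branch also hands the result of `bestlink()` to `urlto()` unchecked, whereas the `posttrail` branch only overrides `$postvote` when a target was found. If `bestlink()` can return an empty value for an unknown link (not visible here), keeping the `urlto($page)` default in that case would be more predictable. sessioncgi extends beyond this hunk.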
@@ -117,7 +151,14 @@ sub sessioncgi ($$) { #{{{
                        my $params=shift;
                        return "\\[[$prefix $params]]" if $escape;
                        if (--$num == 0) {
                        my $params=shift;
                        return "\\[[$prefix $params]]" if $escape;
                        if (--$num == 0) {
-                               $params=~s/(^|\s+)(\d+)\s+"?\Q$choice\E"?(\s+|$)/$1.($2+1)." \"$choice\"".$3/se;
+                               if ($params=~s/(^|\s+)(\d+)\s+"?\Q$choice\E"?(\s+|$)/$1.($2+1)." \"$choice\"".$3/se) {
+                               }
+                               elsif ($params=~/expandable=(\w+)/
+                                   & &IkiWiki::yesno($1)) {
+                                       $choice=~s/["\]\n\r]//g;
+                                       $params.=" 1 \"$choice\""
+                                               if length $choice;
+                               }
                                if (defined $oldchoice) {
                                        $params=~s/(^|\s+)(\d+)\s+"?\Q$oldchoice\E"?(\s+|$)/$1.($2-1 >=0 ? $2-1 : 0)." \"$oldchoice\"".$3/se;
                                }
                                if (defined $oldchoice) {
                                        $params=~s/(^|\s+)(\d+)\s+"?\Q$oldchoice\E"?(\s+|$)/$1.($2-1 >=0 ? $2-1 : 0)." \"$oldchoice\"".$3/se;
                                }
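Review bot: The `elsif` condition joins the regex match and the call with a bitwise `&` (`/expandable=(\w+)/ & &IkiWiki::yesno($1)`), so `yesno($1)` runs even when the match fails, with `$1` still holding a capture from an earlier match. `elsif ($params=~/expandable=(\w+)/ && IkiWiki::yesno($1)) {` short-circuits and reads as intended. The pattern is also unanchored, so it would match `expandable=...` inside a quoted choice label as well as the real parameter; a leading `(?:^|\s)` would narrow that. The filter `s/["\]\n\r]//g` is what keeps a write-in from ending the quoted value or the directive early, so a comment saying so (`# strip characters that would end the quoted value or the directive`) would protect it from being loosened later. The enclosing closure starts and ends outside this hunk.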
@@ -126,16 +167,19 @@ sub sessioncgi ($$) { #{{{
                };
                $content =~ s{(\\?)\[\[\Q$prefix\E\s+([^]]+)\s*\]\]}{$edit->($1, $2)}seg;
 
                };
                $content =~ s{(\\?)\[\[\Q$prefix\E\s+([^]]+)\s*\]\]}{$edit->($1, $2)}seg;
 
-               # Store their vote, update the page, and redirect to it.
+               # Store their vote, update the page, and redirect.
                writefile($pagesources{$page}, $config{srcdir}, $content);
                $session->param($choice_param, $choice);
                IkiWiki::cgi_savesession($session);
                $oldchoice=$session->param($choice_param);
                if ($config{rcs}) {
                        IkiWiki::disable_commit_hook();
                writefile($pagesources{$page}, $config{srcdir}, $content);
                $session->param($choice_param, $choice);
                IkiWiki::cgi_savesession($session);
                $oldchoice=$session->param($choice_param);
                if ($config{rcs}) {
                        IkiWiki::disable_commit_hook();
-                       IkiWiki::rcs_commit($pagesources{$page}, "poll vote ($choice)",
-                               IkiWiki::rcs_prepedit($pagesources{$page}),
-                               $session->param("name"), $ENV{REMOTE_ADDR});
+                       IkiWiki::rcs_commit(
+                               file => $pagesources{$page},
+                               message => "poll vote ($choice)",
+                               token => IkiWiki::rcs_prepedit($pagesources{$page}),
+                               session => $session,
+                       );
                        IkiWiki::enable_commit_hook();
                        IkiWiki::rcs_update();
                }
                        IkiWiki::enable_commit_hook();
                        IkiWiki::rcs_update();
                }
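Review bot: The commit message is built from `$choice` (`message => "poll vote ($choice)"`), which with write-in polls is visitor-supplied free text, and the only stripping visible in this diff sits inside the write-in branch of the edit closure. When that branch is not taken, `writefile` and `rcs_commit` still run, so the raw value, line breaks included, reaches the session and the commit log. I would normalise it once before use, e.g. `(my $msgchoice=$choice)=~s/[\r\n]+/ /g;` and pass `message => "poll vote ($msgchoice)"`. The code between the closure and this block is not shown, so confirm that nothing there already cleans the value.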
@@ -148,10 +192,9 @@ sub sessioncgi ($$) { #{{{
                eval q{use CGI::Cookie};
                error($@) if $@;
                my $cookie = CGI::Cookie->new(-name=> $session->name, -value=> $session->id);
                eval q{use CGI::Cookie};
                error($@) if $@;
                my $cookie = CGI::Cookie->new(-name=> $session->name, -value=> $session->id);
-               print $cgi->redirect(-cookie => $cookie,
-                       -url => urlto($page, undef, 1));
+               print $cgi->redirect(-cookie => $cookie, -url => $postvote);
                exit;
        }
                exit;
        }
-} #}}}
+}
 
 1
 
 1