]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/edittemplate.pm
Reference CVE-2016-4561 in 3.20141016.3 changelog
index 89d45072540bb78fcf40eb9a2171138bcfb70fb0..c2a8da29f853ec5f13e8fab959773751cc86ada9 100644 (file)
@@ -23,6 +23,7 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => undef,
+                       section => "web",
                },
 }
 
@@ -40,6 +41,8 @@ sub needsbuild (@) {
                        }
                }
        }
+
+       return $needsbuild;
 }
 
 sub preprocess (@) {
@@ -55,10 +58,17 @@ sub preprocess (@) {
        }
 
        my $link=linkpage($params{template});
-       $pagestate{$params{page}}{edittemplate}{$params{match}}=$link;
+       add_depends($params{page}, $link, deptype("presence"));
+       my $bestlink=bestlink($params{page}, $link);
+       if (! length $bestlink) {
+               add_depends($params{page}, "templates/$link", deptype("presence"));
+               $link="/templates/".$link;
+               $bestlink=bestlink($params{page}, $link);
+       }
+       $pagestate{$params{page}}{edittemplate}{$params{match}}=$bestlink;
 
-       return "" if ($params{silent} && IkiWiki::yesno($params{silent}));
-       add_depends($params{page}, $link, content => 0);
+       return "" if ($params{silent} && IkiWiki::yesno($params{silent})) &&
+               length $bestlink;
        return sprintf(gettext("edittemplate %s registered for %s"),
                htmllink($params{page}, $params{destpage}, $link),
                $params{match});
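Review bot: When neither `$link` nor `/templates/$link` resolves, the empty `$bestlink` is still stored in `$pagestate{$params{page}}{edittemplate}{$params{match}}`, and the formbuilder hunk later in this diff passes whatever is stored there to `filltemplate()` with no emptiness check. If that is deliberate (so the unresolved registration is still reported on the page), a comment such as `# may be "" when the template page does not exist yet; consumers must check` would make it explicit; otherwise guard the store with `if length $bestlink`. The condition on the silent `return ""` would also read more clearly with one set of parentheses around both terms. preprocess begins above this hunk and its closing brace is below it.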
@@ -82,10 +92,13 @@ sub formbuilder (@) {
        foreach my $field ($form->field) {
                if ($field eq 'page') {
                        @page_locs=$field->def_value;
-                       push @page_locs, $field->options;
+
+                       # FormBuilder is on the bad crack. See #551499
+                       my @options=map { ref $_ ? @$_ : $_ } $field->options;
+
+                       push @page_locs, @options;
                }
        }
-
        foreach my $p (@page_locs) {
                foreach my $registering_page (keys %pagestate) {
                        if (exists $pagestate{$registering_page}{edittemplate}) {
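Review bot: The new comment cites #551499 but does not say what the `map` compensates for; something like `# $field->options can return array refs instead of plain values (see #551499); flatten them` would tell the next reader why it is there. Note that `@$_` pushes every element of each array ref into `@page_locs`, so if those refs are value/label pairs the labels are also matched as page locations against the registered pagespecs; `$_->[0]` may be what is intended, which should be confirmed against FormBuilder's return shape. A reference that is not an array ref would die at the `@$_` dereference. formbuilder starts above the hunk and continues past it.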
@@ -94,9 +107,11 @@ sub formbuilder (@) {
                                                my $template=$pagestate{$registering_page}{edittemplate}{$pagespec};
                                                $form->field(name => "editcontent",
                                                         value =>  filltemplate($template, $page));
-                                               $form->field(name => "type",
-                                                        value => pagetype($pagesources{$template}))
+                                               my $type=pagetype($pagesources{$template})
                                                                if $pagesources{$template};
+                                               $form->field(name => "type",
+                                                        value => $type)
+                                                               if defined $type;
                                                return;
                                        }
                                }
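Review bot: `my $type=pagetype($pagesources{$template}) if $pagesources{$template};` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour: when the condition is false the variable can keep a value from an earlier call instead of being undef. Since the next statement relies on `defined $type`, split it into `my $type;` followed by `$type=pagetype($pagesources{$template}) if $pagesources{$template};`. This matters most where one process builds more than one edit form in its lifetime. The enclosing loops of formbuilder open above the hunk.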
@@ -109,32 +124,40 @@ sub filltemplate ($$) {
        my $template_page=shift;
        my $page=shift;
 
-       my $template_file=$pagesources{$template_page};
-       if (! defined $template_file) {
-               return;
-       }
-
        my $template;
        eval {
-               $template=HTML::Template->new(
-                       filter => sub {
-                               my $text_ref = shift;
-                               $$text_ref=&Encode::decode_utf8($$text_ref);
-                               chomp $$text_ref;
-                       },
-                       filename => srcfile($template_file),
-                       die_on_bad_params => 0,
-                       no_includes => 1,
-               );
+               # force page name absolute so it doesn't look in templates/
+               $template=template("/".$template_page);
        };
        if ($@) {
+               # gettext can clobber $@
+               my $error = $@;
                # Indicate that the earlier preprocessor directive set 
                # up a template that doesn't work.
-               return "[[!pagetemplate ".gettext("failed to process")." $@]]";
+               return "[[!edittemplate ".gettext("failed to process template:")." $error]]";
        }
 
        $template->param(name => $page);
 
+       if ($template->query(name => 'uuid')) {
+               my $uuid;
+               if (open(my $fh, "<", "/proc/sys/kernel/random/uuid")) {
+                       $uuid = <$fh>;
+                       chomp $uuid;
+                       close $fh;
+               }
+               else {
+                       eval {
+                               require UUID::Tiny;
+                               $uuid = UUID::Tiny::create_uuid_as_string(UUID::Tiny::UUID_V4());
+                       };
+               }
+               $template->param(uuid => $uuid);
+       }
+
+       my $time = time();
+       $template->param(time => IkiWiki::date_3339($time));
+
        return $template->output;
 }
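Review bot: The uuid branch can hand `undef` to the template without any signal: `<$fh>` may return undef (then `chomp` warns), and when the `/proc` open fails and `UUID::Tiny` is not installed the `eval` swallows the error and `$@` is never inspected. Use `chomp $uuid if defined $uuid;` and report the failure after the `else` block, for example by returning the same `[[!edittemplate ...]]` error string when `!defined $uuid`, so a template that depends on a unique id does not silently get an empty one. Separately, the removed constructor call passed `no_includes => 1`; `template()` is not visible here, so confirm it still disables includes for templates loaded from wiki pages, since those are user-editable. The `sub filltemplate` line itself is above the hunk.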