]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki.pm
cherry-pick uri security fix
[git.ikiwiki.info.git] / IkiWiki.pm
index cdbcd2481948266d1cac838e0179db9a4fe0cfbb..0c05bb0d377c8622b2e0ea3ff6a21abea14a6322 100644 (file)
@@ -32,7 +32,7 @@ memoize("file_pruned");
 
 sub defaultconfig () { #{{{
        return
-       wiki_file_prune_regexps => [qr/\.\./, qr/^\./, qr/\/\./,
+       wiki_file_prune_regexps => [qr/(^|\/)\.\.(\/|$)/, qr/^\./, qr/\/\./,
                qr/\.x?html?$/, qr/\.ikiwiki-new$/,
                qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//,
                qr/(^|\/)_MTN\//,
@@ -62,13 +62,14 @@ sub defaultconfig () { #{{{
        cgi => 0,
        post_commit => 0,
        rcs => '',
-       notify => 0,
        url => '',
        cgiurl => '',
        historyurl => '',
        diffurl => '',
        rss => 0,
        atom => 0,
+       allowrss => 0,
+       allowatom => 0,
        discussion => 1,
        rebuild => 0,
        refresh => 0,
@@ -76,7 +77,6 @@ sub defaultconfig () { #{{{
        w3mmode => 0,
        wrapper => undef,
        wrappermode => undef,
-       svnrepo => undef,
        svnpath => "trunk",
        gitorigin_branch => "origin",
        gitmaster_branch => "master",
@@ -90,7 +90,7 @@ sub defaultconfig () { #{{{
        adminuser => undef,
        adminemail => undef,
        plugin => [qw{mdwn inline htmlscrubber passwordauth openid signinedit
-                     lockedit conditional}],
+                     lockedit conditional recentchanges}],
        libdir => undef,
        timeformat => '%c',
        locale => undef,
@@ -262,6 +262,12 @@ sub pagetype ($) { #{{{
        return;
 } #}}}
 
+sub isinternal ($) { #{{{
+       my $page=shift;
+       return exists $pagesources{$page} &&
+               $pagesources{$page} =~ /\._([^.]+)$/;
+} #}}}
+
 sub pagename ($) { #{{{
        my $file=shift;
 
@@ -609,10 +615,26 @@ sub htmllink ($$$;@) { #{{{
        return "<a href=\"$bestlink\"@attrs>$linktext</a>";
 } #}}}
 
+sub userlink ($) { #{{{
+       my $user=shift;
+
+       my $oiduser=eval { openiduser($user) };
+       if (defined $oiduser) {
+               return "<a href=\"$user\">$oiduser</a>";
+       }
+       else {
+               return htmllink("", "", escapeHTML(
+                       length $config{userdir} ? $config{userdir}."/".$user : $user
+               ), noimageinline => 1);
+       }
+} #}}}
+
 sub htmlize ($$$) { #{{{
        my $page=shift;
        my $type=shift;
        my $content=shift;
+       
+       my $oneline = $content !~ /\n/;
 
        if (exists $hooks{htmlize}{$type}) {
                $content=$hooks{htmlize}{$type}{call}->(
@@ -630,6 +652,14 @@ sub htmlize ($$$) { #{{{
                        content => $content,
                );
        });
+       
+       if ($oneline) {
+               # hack to get rid of enclosing junk added by markdown
+               # and other htmlizers
+               $content=~s/^<p>//i;
+               $content=~s/<\/p>$//i;
+               chomp $content;
+       }
 
        return $content;
 } #}}}
@@ -680,7 +710,7 @@ sub preprocess ($$$;$$) { #{{{
                        # consider it significant.
                        my @params;
                        while ($params =~ m{
-                               (?:(\w+)=)?             # 1: named parameter key?
+                               (?:([-\w]+)=)?          # 1: named parameter key?
                                (?:
                                        """(.*?)"""     # 2: triple-quoted value
                                |
@@ -723,12 +753,25 @@ sub preprocess ($$$;$$) { #{{{
                                        $command, $page, $preprocessing{$page}).
                                "]]";
                        }
-                       my $ret=$hooks{preprocess}{$command}{call}->(
-                               @params,
-                               page => $page,
-                               destpage => $destpage,
-                               preview => $preprocess_preview,
-                       );
+                       my $ret;
+                       if (! $scan) {
+                               $ret=$hooks{preprocess}{$command}{call}->(
+                                       @params,
+                                       page => $page,
+                                       destpage => $destpage,
+                                       preview => $preprocess_preview,
+                               );
+                       }
+                       else {
+                               # use void context during scan pass
+                               $hooks{preprocess}{$command}{call}->(
+                                       @params,
+                                       page => $page,
+                                       destpage => $destpage,
+                                       preview => $preprocess_preview,
+                               );
+                               $ret="";
+                       }
                        $preprocessing{$page}--;
                        return $ret;
                }
@@ -740,11 +783,11 @@ sub preprocess ($$$;$$) { #{{{
        $content =~ s{
                (\\?)           # 1: escape?
                \[\[            # directive open
-               (\w+)           # 2: command
+               ([-\w]+)        # 2: command
                \s+
                (               # 3: the parameters..
                        (?:
-                               (?:\w+=)?               # named parameter key?
+                               (?:[-\w]+=)?            # named parameter key?
                                (?:
                                        """.*?"""       # triple-quoted value
                                        |
@@ -843,7 +886,7 @@ sub loadindex () { #{{{
        %oldrenderedfiles=%pagectime=();
        if (! $config{rebuild}) {
                %pagesources=%pagemtime=%oldlinks=%links=%depends=
-                       %destsources=%renderedfiles=%pagecase=();
+                       %destsources=%renderedfiles=%pagecase=%pagestate=();
        }
        open (my $in, "<", "$config{wikistatedir}/index") || return;
        while (<$in>) {
@@ -909,7 +952,7 @@ sub saveindex () { #{{{
                if (exists $pagestate{$page}) {
                        foreach my $id (@hookids) {
                                foreach my $key (keys %{$pagestate{$page}{$id}}) {
-                                       $line.=' '.$id.'_'.encode_entities($key)."=".encode_entities($pagestate{$page}{$id}{$key});
+                                       $line.=' '.$id.'_'.encode_entities($key)."=".encode_entities($pagestate{$page}{$id}{$key}, " \t\n");
                                }
                        }
                }
@@ -1067,10 +1110,10 @@ sub file_pruned ($$) { #{{{
        require File::Spec;
        my $file=File::Spec->canonpath(shift);
        my $base=File::Spec->canonpath(shift);
-       $file =~ s#^\Q$base\E/*##;
+       $file =~ s#^\Q$base\E/+##;
 
        my $regexp='('.join('|', @{$config{wiki_file_prune_regexps}}).')';
-       return $file =~ m/$regexp/;
+       return $file =~ m/$regexp/ && $file ne $base;
 } #}}}
 
 sub gettext { #{{{
@@ -1229,13 +1272,22 @@ sub match_glob ($$;@) { #{{{
        $glob=~s/\\\?/./g;
 
        if ($page=~/^$glob$/i) {
-               return IkiWiki::SuccessReason->new("$glob matches $page");
+               if (! IkiWiki::isinternal($page) || $params{internal}) {
+                       return IkiWiki::SuccessReason->new("$glob matches $page");
+               }
+               else {
+                       return IkiWiki::FailReason->new("$glob matches $page, but the page is an internal page");
+               }
        }
        else {
                return IkiWiki::FailReason->new("$glob does not match $page");
        }
 } #}}}
 
+sub match_internal ($$;@) { #{{{
+       return match_glob($_[0], $_[1], @_, internal => 1)
+} #}}}
+
 sub match_link ($$;@) { #{{{
        my $page=shift;
        my $link=lc(shift);
@@ -1331,19 +1383,4 @@ sub match_creation_year ($$;@) { #{{{
        }
 } #}}}
 
-sub match_user ($$;@) { #{{{
-       shift;
-       my $user=shift;
-       my %params=@_;
-
-       return IkiWiki::FailReason->new('cannot match user')
-               unless exists $params{user};
-       if ($user eq $params{user}) {
-               return IkiWiki::SuccessReason->new("user is $user")
-       }
-       else {
-               return IkiWiki::FailReason->new("user is not $user");
-       }
-} #}}}
-
 1