X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/045bacad522c8c882324909971f4b05bfd8eccca..325d5c791fc50dc3868b2f1938d052d39b676248:/ikiwiki?ds=sidebyside diff --git a/ikiwiki b/ikiwiki index a5327dac5..aec52ca86 100755 --- a/ikiwiki +++ b/ikiwiki @@ -1,50 +1,94 @@ #!/usr/bin/perl -T +eval 'exec /usr/bin/perl -T -S $0 ${1+"$@"}' + if 0; # not running under some shell +$ENV{PATH}="/usr/local/bin:/usr/bin:/bin"; + use warnings; use strict; -use File::Find; use Memoize; use File::Spec; use HTML::Template; - -BEGIN { - $blosxom::version="is a proper perl module too much to ask?"; - do "/usr/bin/markdown"; +use Getopt::Long; + +my (%links, %oldlinks, %oldpagemtime, %renderedfiles, %pagesources); + +# Holds global config settings, also used by some modules. +our %config=( #{{{ + wiki_file_prune_regexp => qr{((^|/).svn/|\.\.|^\.|\/\.|\.html?$)}, + wiki_link_regexp => qr/\[\[([^\s\]]+)\]\]/, + wiki_file_regexp => qr/(^[-A-Za-z0-9_.:\/+]+$)/, + verbose => 0, + wikiname => "wiki", + default_pageext => ".mdwn", + cgi => 0, + svn => 1, + url => '', + cgiurl => '', + historyurl => '', + diffurl => '', + anonok => 0, + rebuild => 0, + wrapper => undef, + wrappermode => undef, + srcdir => undef, + destdir => undef, + templatedir => undef, + setup => undef, + adminuser => undef, +); #}}} + +GetOptions( #{{{ + "setup=s" => \$config{setup}, + "wikiname=s" => \$config{wikiname}, + "verbose|v!" => \$config{verbose}, + "rebuild!" => \$config{rebuild}, + "wrapper=s" => sub { $config{wrapper}=$_[1] ? $_[1] : "ikiwiki-wrap" }, + "wrappermode=i" => \$config{wrappermode}, + "svn!" => \$config{svn}, + "anonok!" => \$config{anonok}, + "cgi!" => \$config{cgi}, + "url=s" => \$config{url}, + "cgiurl=s" => \$config{cgiurl}, + "historyurl=s" => \$config{historyurl}, + "diffurl=s" => \$config{diffurl}, + "exclude=s@" => sub { + $config{wiki_file_prune_regexp}=qr/$config{wiki_file_prune_regexp}|$_[1]/; + }, + "adminuser=s@" => sub { push @{$config{adminuser}}, $_[1] }, +) || usage(); + +if (! $config{setup}) { + usage() unless @ARGV == 3; + $config{srcdir} = possibly_foolish_untaint(shift); + $config{templatedir} = possibly_foolish_untaint(shift); + $config{destdir} = possibly_foolish_untaint(shift); + if ($config{cgi} && ! length $config{url}) { + error("Must specify url to wiki with --url when using --cgi"); + } } - -$ENV{PATH}="/usr/local/bin:/usr/bin:/bin"; -my ($srcdir, $templatedir, $destdir, %links, %oldlinks, %oldpagemtime, - %renderedfiles, %pagesources); -my $wiki_link_regexp=qr/\[\[([^\s]+)\]\]/; -my $wiki_file_regexp=qr/(^[-A-Za-z0-9_.:\/+]+$)/; -my $wiki_file_prune_regexp=qr!((^|/).svn/|\.\.|^\.|\/\.|\.html?$)!; -my $verbose=0; -my $wikiname="wiki"; -my $default_pagetype=".mdwn"; -my $cgi=0; -my $url=""; -my $cgiurl=""; -my $historyurl=""; -my $svn=1; -my $anonok=0; +#}}} sub usage { #{{{ die "usage: ikiwiki [options] source templates dest\n"; } #}}} -sub error ($) { #{{{ - if ($cgi) { +sub error { #{{{ + if ($config{cgi}) { print "Content-type: text/html\n\n"; - print "Error: @_\n"; - exit 1; - } - else { - die @_; + print misctemplate("Error", "

Error: @_

"); } + die @_; } #}}} sub debug ($) { #{{{ - print "@_\n" if $verbose; + return unless $config{verbose}; + if (! $config{cgi}) { + print "@_\n"; + } + else { + print STDERR "@_\n"; + } } #}}} sub mtime ($) { #{{{ @@ -53,7 +97,7 @@ sub mtime ($) { #{{{ return (stat($page))[9]; } #}}} -sub possibly_foolish_untaint ($) { #{{{ +sub possibly_foolish_untaint { #{{{ my $tainted=shift; my ($untainted)=$tainted=~/(.*)/; return $untainted; @@ -129,21 +173,25 @@ sub writefile ($$) { #{{{ close OUT; } #}}} -sub findlinks ($) { #{{{ +sub findlinks ($$) { #{{{ my $content=shift; + my $page=shift; my @links; - while ($content =~ /$wiki_link_regexp/g) { + while ($content =~ /(??$link" + return "?$link" } $bestlink=File::Spec->abs2rel($bestlink, dirname($page)); - if (! $noimagelink && isinlinableimage($bestlink)) { + if (! $noimageinline && isinlinableimage($bestlink)) { return ""; } return "$link"; @@ -199,9 +254,11 @@ sub htmllink { #{{{ sub linkify ($$) { #{{{ my $content=shift; - my $file=shift; + my $page=shift; - $content =~ s/$wiki_link_regexp/htmllink(pagename($file), $1)/eg; + $content =~ s{(\\?)$config{wiki_link_regexp}}{ + $1 ? "[[$2]]" : htmllink($page, $2) + }eg; return $content; } #}}} @@ -210,6 +267,13 @@ sub htmlize ($$) { #{{{ my $type=shift; my $content=shift; + if (! $INC{"/usr/bin/markdown"}) { + no warnings 'once'; + $blosxom::version="is a proper perl module too much to ask?"; + use warnings 'all'; + do "/usr/bin/markdown"; + } + if ($type eq '.mdwn') { return Markdown::Markdown($content); } @@ -240,7 +304,7 @@ sub backlinks ($) { #{{{ } } - return @links; + return sort { $a->{page} cmp $b->{page} } @links; } #}}} sub parentlinks ($) { #{{{ @@ -252,81 +316,127 @@ sub parentlinks ($) { #{{{ my $skip=1; foreach my $dir (reverse split("/", $page)) { if (! $skip) { + $path.="../"; unshift @ret, { url => "$path$dir.html", page => $dir }; } else { $skip=0; } - $path.="../"; } + unshift @ret, { url => length $path ? $path : ".", page => $config{wikiname} }; return @ret; } #}}} sub indexlink () { #{{{ - return "$wikiname/ "; + return "$config{wikiname}"; } #}}} - -sub finalize ($$) { #{{{ + +sub finalize ($$$) { #{{{ my $content=shift; my $page=shift; + my $mtime=shift; my $title=basename($page); $title=~s/_/ /g; my $template=HTML::Template->new(blind_cache => 1, - filename => "$templatedir/page.tmpl"); + filename => "$config{templatedir}/page.tmpl"); - if (length $cgiurl) { - $template->param(editurl => "$cgiurl?do=edit&page=$page"); - $template->param(recentchangesurl => "$cgiurl?do=recentchanges"); + if (length $config{cgiurl}) { + $template->param(editurl => "$config{cgiurl}?do=edit&page=$page"); + $template->param(prefsurl => "$config{cgiurl}?do=prefs"); + if ($config{svn}) { + $template->param(recentchangesurl => "$config{cgiurl}?do=recentchanges"); + } } - if (length $historyurl) { - my $u=$historyurl; - $u=~s/\[\[\]\]/$pagesources{$page}/g; + if (length $config{historyurl}) { + my $u=$config{historyurl}; + $u=~s/\[\[file\]\]/$pagesources{$page}/g; $template->param(historyurl => $u); } $template->param( title => $title, - indexlink => $url, - wikiname => $wikiname, + wikiname => $config{wikiname}, parentlinks => [parentlinks($page)], content => $content, backlinks => [backlinks($page)], + discussionlink => htmllink($page, "Discussion", 1, 1), + mtime => scalar(gmtime($mtime)), ); return $template->output; } #}}} +sub check_overwrite ($$) { #{{{ + # Important security check. Make sure to call this before saving + # any files to the source directory. + my $dest=shift; + my $src=shift; + + if (! exists $renderedfiles{$src} && -e $dest && ! $config{rebuild}) { + error("$dest already exists and was rendered from ". + join(" ",(grep { $renderedfiles{$_} eq $dest } keys + %renderedfiles)). + ", before, so not rendering from $src"); + } +} #}}} + sub render ($) { #{{{ my $file=shift; my $type=pagetype($file); - my $content=readfile("$srcdir/$file"); + my $content=readfile("$config{srcdir}/$file"); if ($type ne 'unknown') { my $page=pagename($file); - $links{$page}=[findlinks($content)]; + $links{$page}=[findlinks($content, $page)]; - $content=linkify($content, $file); + $content=linkify($content, $page); $content=htmlize($type, $content); - $content=finalize($content, $page); + $content=finalize($content, $page, + mtime("$config{srcdir}/$file")); - writefile("$destdir/".htmlpage($page), $content); + check_overwrite("$config{destdir}/".htmlpage($page), $page); + writefile("$config{destdir}/".htmlpage($page), $content); $oldpagemtime{$page}=time; $renderedfiles{$page}=htmlpage($page); } else { $links{$file}=[]; - writefile("$destdir/$file", $content); + check_overwrite("$config{destdir}/$file", $file); + writefile("$config{destdir}/$file", $content); $oldpagemtime{$file}=time; $renderedfiles{$file}=$file; } } #}}} +sub lockwiki () { #{{{ + # Take an exclusive lock on the wiki to prevent multiple concurrent + # run issues. The lock will be dropped on program exit. + if (! -d "$config{srcdir}/.ikiwiki") { + mkdir("$config{srcdir}/.ikiwiki"); + } + open(WIKILOCK, ">$config{srcdir}/.ikiwiki/lockfile") || error ("cannot write to lockfile: $!"); + if (! flock(WIKILOCK, 2 | 4)) { + debug("wiki seems to be locked, waiting for lock"); + my $wait=600; # arbitrary, but don't hang forever to + # prevent process pileup + for (1..600) { + return if flock(WIKILOCK, 2 | 4); + sleep 1; + } + error("wiki is locked; waited $wait seconds without lock being freed (possible stuck process or stale lock?)"); + } +} #}}} + +sub unlockwiki () { #{{{ + close WIKILOCK; +} #}}} + sub loadindex () { #{{{ - open (IN, "$srcdir/.ikiwiki/index") || return; + open (IN, "$config{srcdir}/.ikiwiki/index") || return; while () { $_=possibly_foolish_untaint($_); chomp; @@ -342,10 +452,10 @@ sub loadindex () { #{{{ } #}}} sub saveindex () { #{{{ - if (! -d "$srcdir/.ikiwiki") { - mkdir("$srcdir/.ikiwiki"); + if (! -d "$config{srcdir}/.ikiwiki") { + mkdir("$config{srcdir}/.ikiwiki"); } - open (OUT, ">$srcdir/.ikiwiki/index") || error("cannot write to index: $!"); + open (OUT, ">$config{srcdir}/.ikiwiki/index") || error("cannot write to index: $!"); foreach my $page (keys %oldpagemtime) { print OUT "$oldpagemtime{$page} $pagesources{$page} $renderedfiles{$page} ". join(" ", @{$links{$page}})."\n" @@ -355,50 +465,100 @@ sub saveindex () { #{{{ } #}}} sub rcs_update () { #{{{ - if (-d "$srcdir/.svn") { - if (system("svn", "update", "--quiet", $srcdir) != 0) { + if (-d "$config{srcdir}/.svn") { + if (system("svn", "update", "--quiet", $config{srcdir}) != 0) { warn("svn update failed\n"); } } } #}}} -sub rcs_commit ($) { #{{{ +sub rcs_prepedit ($) { #{{{ + # Prepares to edit a file under revision control. Returns a token + # that must be passed into rcs_commit when the file is ready + # for committing. + # The file is relative to the srcdir. + my $file=shift; + + if (-d "$config{srcdir}/.svn") { + # For subversion, return the revision of the file when + # editing begins. + my $rev=svn_info("Revision", "$config{srcdir}/$file"); + return defined $rev ? $rev : ""; + } +} #}}} + +sub rcs_commit ($$$) { #{{{ + # Tries to commit the page; returns undef on _success_ and + # a version of the page with the rcs's conflict markers on failure. + # The file is relative to the srcdir. + my $file=shift; my $message=shift; + my $rcstoken=shift; + + if (-d "$config{srcdir}/.svn") { + # Check to see if the page has been changed by someone + # else since rcs_prepedit was called. + my ($oldrev)=$rcstoken=~/^([0-9]+)$/; # untaint + my $rev=svn_info("Revision", "$config{srcdir}/$file"); + if (defined $rev && defined $oldrev && $rev != $oldrev) { + # Merge their changes into the file that we've + # changed. + chdir($config{srcdir}); # svn merge wants to be here + if (system("svn", "merge", "--quiet", "-r$oldrev:$rev", + "$config{srcdir}/$file") != 0) { + warn("svn merge -r$oldrev:$rev failed\n"); + } + } - if (-d "$srcdir/.svn") { if (system("svn", "commit", "--quiet", "-m", - possibly_foolish_untaint($message), $srcdir) != 0) { - warn("svn commit failed\n"); + possibly_foolish_untaint($message), + "$config{srcdir}") != 0) { + my $conflict=readfile("$config{srcdir}/$file"); + if (system("svn", "revert", "--quiet", "$config{srcdir}/$file") != 0) { + warn("svn revert failed\n"); + } + return $conflict; } } + return undef # success } #}}} sub rcs_add ($) { #{{{ + # filename is relative to the root of the srcdir my $file=shift; - if (-d "$srcdir/.svn") { + if (-d "$config{srcdir}/.svn") { my $parent=dirname($file); - while (! -d "$srcdir/$parent/.svn") { + while (! -d "$config{srcdir}/$parent/.svn") { $file=$parent; $parent=dirname($file); } - if (system("svn", "add", "--quiet", "$srcdir/$file") != 0) { + if (system("svn", "add", "--quiet", "$config{srcdir}/$file") != 0) { warn("svn add failed\n"); } } } #}}} +sub svn_info ($$) { #{{{ + my $field=shift; + my $file=shift; + + my $info=`LANG=C svn info $file`; + my ($ret)=$info=~/^$field: (.*)$/m; + return $ret; +} #}}} + sub rcs_recentchanges ($) { #{{{ my $num=shift; my @ret; + eval q{use CGI 'escapeHTML'}; eval q{use Date::Parse}; eval q{use Time::Duration}; - if (-d "$srcdir/.svn") { - my $info=`LANG=C svn info $srcdir`; - my ($svn_url)=$info=~/^URL: (.*)$/m; + if (-d "$config{srcdir}/.svn") { + my $svn_url=svn_info("URL", $config{srcdir}); # FIXME: currently assumes that the wiki is somewhere # under trunk in svn, doesn't support other layouts. @@ -407,8 +567,8 @@ sub rcs_recentchanges ($) { #{{{ my $div=qr/^--------------------+$/; my $infoline=qr/^r(\d+)\s+\|\s+([^\s]+)\s+\|\s+(\d+-\d+-\d+\s+\d+:\d+:\d+\s+[-+]?\d+).*/; my $state='start'; - my ($rev, $user, $when, @pages, $message); - foreach (`LANG=C svn log -v '$svn_url'`) { + my ($rev, $user, $when, @pages, @message); + foreach (`LANG=C svn log --limit $num -v '$svn_url'`) { chomp; if ($state eq 'start' && /$div/) { $state='header'; @@ -418,25 +578,45 @@ sub rcs_recentchanges ($) { #{{{ $user=$2; $when=concise(ago(time - str2time($3))); } - elsif ($state eq 'header' && /^\s+[A-Z]\s+\Q$svn_base\E\/(.+)$/) { - push @pages, { link => htmllink("", pagename($1), 1) } - if length $1; + elsif ($state eq 'header' && /^\s+[A-Z]\s+\Q$svn_base\E\/([^ ]+)(?:$|\s)/) { + my $file=$1; + my $diffurl=$config{diffurl}; + $diffurl=~s/\[\[file\]\]/$file/g; + $diffurl=~s/\[\[r1\]\]/$rev - 1/eg; + $diffurl=~s/\[\[r2\]\]/$rev/g; + push @pages, { + link => htmllink("", pagename($file), 1), + diffurl => $diffurl, + } if length $file; } elsif ($state eq 'header' && /^$/) { $state='body'; } elsif ($state eq 'body' && /$div/) { - push @ret, { rev => $rev, user => $user, - when => $when, message => $message, - pages => [@pages] } if @pages; + my $committype="web"; + if (defined $message[0] && + $message[0]->{line}=~/^web commit by (\w+):?(.*)/) { + $user="$1"; + $message[0]->{line}=$2; + } + else { + $committype="svn"; + } + + push @ret, { rev => $rev, + user => htmllink("", $user, 1), + committype => $committype, + when => $when, message => [@message], + pages => [@pages], + } if @pages; return @ret if @ret >= $num; $state='header'; - $message=$rev=$user=$when=undef; - @pages=(); + $rev=$user=$when=undef; + @pages=@message=(); } elsif ($state eq 'body') { - $message.="$_
\n"; + push @message, {line => escapeHTML($_)}, } } } @@ -455,28 +635,31 @@ sub prune ($) { #{{{ } #}}} sub refresh () { #{{{ - # Find existing pages. + # find existing pages my %exists; my @files; + eval q{use File::Find}; find({ no_chdir => 1, wanted => sub { - if (/$wiki_file_prune_regexp/) { + if (/$config{wiki_file_prune_regexp}/) { + no warnings 'once'; $File::Find::prune=1; + use warnings "all"; } - elsif (! -d $_) { - my ($f)=/$wiki_file_regexp/; # untaint + elsif (! -d $_ && ! -l $_) { + my ($f)=/$config{wiki_file_regexp}/; # untaint if (! defined $f) { warn("skipping bad filename $_\n"); } else { - $f=~s/^\Q$srcdir\E\/?//; + $f=~s/^\Q$config{srcdir}\E\/?//; push @files, $f; $exists{pagename($f)}=1; } } }, - }, $srcdir); + }, $config{srcdir}); my %rendered; @@ -495,8 +678,8 @@ sub refresh () { #{{{ foreach my $page (keys %oldpagemtime) { if (! $exists{$page}) { debug("removing old page $page"); - push @del, $renderedfiles{$page}; - prune($destdir."/".$renderedfiles{$page}); + push @del, $pagesources{$page}; + prune($config{destdir}."/".$renderedfiles{$page}); delete $renderedfiles{$page}; $oldpagemtime{$page}=0; delete $pagesources{$page}; @@ -508,7 +691,7 @@ sub refresh () { #{{{ my $page=pagename($file); if (! exists $oldpagemtime{$page} || - mtime("$srcdir/$file") > $oldpagemtime{$page}) { + mtime("$config{srcdir}/$file") > $oldpagemtime{$page}) { debug("rendering changed file $file"); render($file); $rendered{$file}=1; @@ -547,8 +730,7 @@ FILE: foreach my $file (@files) { foreach my $file (keys %rendered, @del) { my $page=pagename($file); if (exists $links{$page}) { - foreach my $link (@{$links{$page}}) { - $link=bestlink($page, $link); + foreach my $link (map { bestlink($page, $_) } @{$links{$page}}) { if (length $link && ! exists $oldlinks{$page} || ! grep { $_ eq $link } @{$oldlinks{$page}}) { @@ -557,8 +739,7 @@ FILE: foreach my $file (@files) { } } if (exists $oldlinks{$page}) { - foreach my $link (@{$oldlinks{$page}}) { - $link=bestlink($page, $link); + foreach my $link (map { bestlink($page, $_) } @{$oldlinks{$page}}) { if (length $link && ! exists $links{$page} || ! grep { $_ eq $link } @{$links{$page}}) { @@ -577,28 +758,32 @@ FILE: foreach my $file (@files) { } } #}}} -# Generates a C wrapper program for running ikiwiki in a specific way. -# The wrapper may be safely made suid. -sub gen_wrapper ($$) { #{{{ - my ($svn, $rebuild)=@_; - +sub gen_wrapper (@) { #{{{ + my %config=(@_); eval q{use Cwd 'abs_path'}; - $srcdir=abs_path($srcdir); - $destdir=abs_path($destdir); + $config{srcdir}=abs_path($config{srcdir}); + $config{destdir}=abs_path($config{destdir}); my $this=abs_path($0); if (! -x $this) { error("$this doesn't seem to be executable"); } - my @params=($srcdir, $templatedir, $destdir, "--wikiname=$wikiname"); - push @params, "--verbose" if $verbose; - push @params, "--rebuild" if $rebuild; - push @params, "--nosvn" if !$svn; - push @params, "--cgi" if $cgi; - push @params, "--url=$url" if $url; - push @params, "--cgiurl=$cgiurl" if $cgiurl; - push @params, "--historyurl=$historyurl" if $historyurl; - push @params, "--anonok" if $anonok; + if ($config{setup}) { + error("cannot create a wrapper that uses a setup file"); + } + + my @params=($config{srcdir}, $config{templatedir}, $config{destdir}, + "--wikiname=$config{wikiname}"); + push @params, "--verbose" if $config{verbose}; + push @params, "--rebuild" if $config{rebuild}; + push @params, "--nosvn" if !$config{svn}; + push @params, "--cgi" if $config{cgi}; + push @params, "--url=$config{url}" if length $config{url}; + push @params, "--cgiurl=$config{cgiurl}" if length $config{cgiurl}; + push @params, "--historyurl=$config{historyurl}" if length $config{historyurl}; + push @params, "--diffurl=$config{diffurl}" if length $config{diffurl}; + push @params, "--anonok" if $config{anonok}; + push @params, "--adminuser=$_" foreach @{$config{adminuser}}; my $params=join(" ", @params); my $call=''; foreach my $p ($this, $this, @params) { @@ -609,7 +794,7 @@ sub gen_wrapper ($$) { #{{{ my @envsave; push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE - HTTP_COOKIE} if $cgi; + HTTP_COOKIE} if $config{cgi}; my $envsave=""; foreach my $var (@envsave) { $envsave.=<<"EOF" @@ -650,40 +835,108 @@ $envsave } EOF close OUT; - if (system("gcc", "ikiwiki-wrap.c", "-o", "ikiwiki-wrap") != 0) { + if (system("gcc", "ikiwiki-wrap.c", "-o", possibly_foolish_untaint($config{wrapper})) != 0) { error("failed to compile ikiwiki-wrap.c"); } unlink("ikiwiki-wrap.c"); - print "successfully generated ikiwiki-wrap\n"; - exit 0; + if (defined $config{wrappermode} && + ! chmod(oct($config{wrappermode}), possibly_foolish_untaint($config{wrapper}))) { + error("chmod $config{wrapper}: $!"); + } + print "successfully generated $config{wrapper}\n"; } #}}} + +sub misctemplate ($$) { #{{{ + my $title=shift; + my $pagebody=shift; + + my $template=HTML::Template->new( + filename => "$config{templatedir}/misc.tmpl" + ); + $template->param( + title => $title, + indexlink => indexlink(), + wikiname => $config{wikiname}, + pagebody => $pagebody, + ); + return $template->output; +}#}}} -sub html_recentchanges ($) { #{{{ +sub cgi_recentchanges ($) { #{{{ my $q=shift; my $template=HTML::Template->new( - filename => "$templatedir/recentchanges.tmpl"); + filename => "$config{templatedir}/recentchanges.tmpl" + ); $template->param( title => "RecentChanges", - indexlink => $url, - wikiname => $wikiname, + indexlink => indexlink(), + wikiname => $config{wikiname}, changelog => [rcs_recentchanges(100)], ); print $q->header, $template->output; } #}}} +sub userinfo_get ($$) { #{{{ + my $user=shift; + my $field=shift; + + eval q{use Storable}; + my $userdata=eval{ Storable::lock_retrieve("$config{srcdir}/.ikiwiki/userdb") }; + if (! defined $userdata || ! ref $userdata || + ! exists $userdata->{$user} || ! ref $userdata->{$user} || + ! exists $userdata->{$user}->{$field}) { + return ""; + } + return $userdata->{$user}->{$field}; +} #}}} + +sub userinfo_set ($$$) { #{{{ + my $user=shift; + my $field=shift; + my $value=shift; + + eval q{use Storable}; + my $userdata=eval{ Storable::lock_retrieve("$config{srcdir}/.ikiwiki/userdb") }; + if (! defined $userdata || ! ref $userdata || + ! exists $userdata->{$user} || ! ref $userdata->{$user}) { + return ""; + } + + $userdata->{$user}->{$field}=$value; + my $oldmask=umask(077); + my $ret=Storable::lock_store($userdata, "$config{srcdir}/.ikiwiki/userdb"); + umask($oldmask); + return $ret; +} #}}} + +sub userinfo_setall ($$) { #{{{ + my $user=shift; + my $info=shift; + + eval q{use Storable}; + my $userdata=eval{ Storable::lock_retrieve("$config{srcdir}/.ikiwiki/userdb") }; + if (! defined $userdata || ! ref $userdata) { + $userdata={}; + } + $userdata->{$user}=$info; + my $oldmask=umask(077); + my $ret=Storable::lock_store($userdata, "$config{srcdir}/.ikiwiki/userdb"); + umask($oldmask); + return $ret; +} #}}} + sub cgi_signin ($$) { #{{{ my $q=shift; my $session=shift; eval q{use CGI::FormBuilder}; my $form = CGI::FormBuilder->new( - title => "$wikiname signin", - fields => [qw(do page name password confirm_password email)], + title => "signin", + fields => [qw(do page from name password confirm_password email)], header => 1, method => 'POST', validate => { - name => '/^\w+$/', confirm_password => { perl => q{eq $form->field("password")}, }, @@ -693,20 +946,20 @@ sub cgi_signin ($$) { #{{{ javascript => 0, params => $q, action => $q->request_uri, + header => 0, + template => (-e "$config{templatedir}/signin.tmpl" ? + "$config{templatedir}/signin.tmpl" : "") ); - $form->sessionid($session->id); $form->field(name => "name", required => 0); $form->field(name => "do", type => "hidden"); $form->field(name => "page", type => "hidden"); + $form->field(name => "from", type => "hidden"); $form->field(name => "password", type => "password", required => 0); $form->field(name => "confirm_password", type => "password", required => 0); $form->field(name => "email", required => 0); - if ($session->param("name")) { - $form->field(name => "name", value => $session->param("name")); - } if ($q->param("do") ne "signin") { - $form->text("You need to log in before you can edit pages."); + $form->text("You need to log in first."); } if ($form->submitted) { @@ -720,239 +973,505 @@ sub cgi_signin ($$) { #{{{ $form->field(name => $opt, required => 1); } - # Validate password differently depending on how form was - # submitted. + # Validate password differently depending on how + # form was submitted. if ($form->submitted eq 'Login') { $form->field( name => "password", validate => sub { - # TODO get real user password - shift eq "foo"; + length $form->field("name") && + shift eq userinfo_get($form->field("name"), 'password'); }, ); + $form->field(name => "name", validate => '/^\w+$/'); } else { $form->field(name => "password", validate => 'VALUE'); } + # And make sure the entered name exists when logging + # in or sending email, and does not when registering. + if ($form->submitted eq 'Register') { + $form->field( + name => "name", + validate => sub { + my $name=shift; + length $name && + ! userinfo_get($name, "regdate"); + }, + ); + } + else { + $form->field( + name => "name", + validate => sub { + my $name=shift; + length $name && + userinfo_get($name, "regdate"); + }, + ); + } } else { - # Comments only shown first time. + # First time settings. $form->field(name => "name", comment => "use FirstnameLastName"); $form->field(name => "confirm_password", comment => "(only needed"); $form->field(name => "email", comment => "for registration)"); + if ($session->param("name")) { + $form->field(name => "name", value => $session->param("name")); + } } if ($form->submitted && $form->validate) { if ($form->submitted eq 'Login') { $session->param("name", $form->field("name")); - if (defined $form->field("do")) { - $q->redirect( - "$cgiurl?do=".$form->field("do"). - "&page=".$form->field("page")); + if (defined $form->field("do") && + $form->field("do") ne 'signin') { + print $q->redirect( + "$config{cgiurl}?do=".$form->field("do"). + "&page=".$form->field("page"). + "&from=".$form->field("from"));; } else { - $q->redirect($url); + print $q->redirect($config{url}); } } elsif ($form->submitted eq 'Register') { - # TODO: save registration info - $form->field(name => "confirm_password", type => "hidden"); - $form->field(name => "email", type => "hidden"); - $form->text("Registration successful. Now you can Login."); - print $form->render(submit => ["Login"]);; + my $user_name=$form->field('name'); + if (userinfo_setall($user_name, { + 'email' => $form->field('email'), + 'password' => $form->field('password'), + 'regdate' => time + })) { + $form->field(name => "confirm_password", type => "hidden"); + $form->field(name => "email", type => "hidden"); + $form->text("Registration successful. Now you can Login."); + print $session->header(); + print misctemplate($form->title, $form->render(submit => ["Login"])); + } + else { + error("Error saving registration."); + } } elsif ($form->submitted eq 'Mail Password') { - # TODO mail password + my $user_name=$form->field("name"); + my $template=HTML::Template->new( + filename => "$config{templatedir}/passwordmail.tmpl" + ); + $template->param( + user_name => $user_name, + user_password => userinfo_get($user_name, "password"), + wikiurl => $config{url}, + wikiname => $config{wikiname}, + REMOTE_ADDR => $ENV{REMOTE_ADDR}, + ); + + eval q{use Mail::Sendmail}; + my ($fromhost) = $config{cgiurl} =~ m!/([^/]+)!; + sendmail( + To => userinfo_get($user_name, "email"), + From => "$config{wikiname} admin <".(getpwuid($>))[0]."@".$fromhost.">", + Subject => "$config{wikiname} information", + Message => $template->output, + ) or error("Failed to send mail"); + $form->text("Your password has been emailed to you."); - print $form->render(submit => ["Login", "Register", "Mail Password"]);; + $form->field(name => "name", required => 0); + print $session->header(); + print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"])); } } else { - print $form->render(submit => ["Login", "Register", "Mail Password"]);; + print $session->header(); + print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"])); } } #}}} -sub cgi () { #{{{ - eval q{use CGI}; - eval q{use CGI::Session}; +sub is_admin ($) { #{{{ + my $user_name=shift; + + return grep { $_ eq $user_name } @{$config{adminuser}}; +} #}}} + +sub glob_match ($$) { #{{{ + my $page=shift; + my $glob=shift; + + # turn glob into safe regexp + $glob=quotemeta($glob); + $glob=~s/\\\*/.*/g; + $glob=~s/\\\?/./g; + $glob=~s!\\/!/!g; - my $q=CGI->new; - # session id has to be _sessionid for CGI::FormBuilder to work. - # TODO: stop having the formbuilder emit cookies and change session - # id to something else. - CGI::Session->name("_sessionid"); - my $session = CGI::Session->new(undef, $q, - { Directory=> "$srcdir/.ikiwiki/sessions" }); + $page=~/^$glob$/i; +} #}}} + +sub globlist_match ($$) { #{{{ + my $page=shift; + my @globlist=split(" ", shift); + + # check any negated globs first + foreach my $glob (@globlist) { + return 0 if $glob=~/^!(.*)/ && glob_match($page, $1); + } + + foreach my $glob (@globlist) { + return 1 if glob_match($page, $glob); + } - my $do=$q->param('do'); - if (! defined $do || ! length $do) { - error("\"do\" parameter missing"); + return 0; +} #}}} + +sub page_locked ($$;$) { #{{{ + my $page=shift; + my $session=shift; + my $nonfatal=shift; + + my $user=$session->param("name"); + return if length $user && is_admin($user); + + foreach my $admin (@{$config{adminuser}}) { + my $locked_pages=userinfo_get($admin, "locked_pages"); + if (globlist_match($page, userinfo_get($admin, "locked_pages"))) { + return 1 if $nonfatal; + error(htmllink("", $page, 1)." is locked by ". + htmllink("", $admin, 1)." and cannot be edited."); + } } +} #}}} + +sub cgi_prefs ($$) { #{{{ + my $q=shift; + my $session=shift; + + eval q{use CGI::FormBuilder}; + my $form = CGI::FormBuilder->new( + title => "preferences", + fields => [qw(do name password confirm_password email locked_pages)], + header => 0, + method => 'POST', + validate => { + confirm_password => { + perl => q{eq $form->field("password")}, + }, + email => 'EMAIL', + }, + required => 'NONE', + javascript => 0, + params => $q, + action => $q->request_uri, + template => (-e "$config{templatedir}/prefs.tmpl" ? + "$config{templatedir}/prefs.tmpl" : "") + ); + my @buttons=("Save Preferences", "Logout", "Cancel"); - if ($do eq 'recentchanges') { - cgi_recentchanges($q); - return; + my $user_name=$session->param("name"); + $form->field(name => "do", type => "hidden"); + $form->field(name => "name", disabled => 1, + value => $user_name, force => 1); + $form->field(name => "password", type => "password"); + $form->field(name => "confirm_password", type => "password"); + $form->field(name => "locked_pages", size => 50, + comment => "(".htmllink("", "GlobList", 1).")"); + + if (! is_admin($user_name)) { + $form->field(name => "locked_pages", type => "hidden"); } - if ((! $anonok && ! defined $session->param("name")) || $do eq 'signin') { - cgi_signin($q, $session); + if (! $form->submitted) { + $form->field(name => "email", force => 1, + value => userinfo_get($user_name, "email")); + $form->field(name => "locked_pages", force => 1, + value => userinfo_get($user_name, "locked_pages")); + } + + if ($form->submitted eq 'Logout') { + $session->delete(); + print $q->redirect($config{url}); + return; + } + elsif ($form->submitted eq 'Cancel') { + print $q->redirect($config{url}); return; } + elsif ($form->submitted eq "Save Preferences" && $form->validate) { + foreach my $field (qw(password email locked_pages)) { + if (length $form->field($field)) { + userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field"); + } + } + $form->text("Preferences saved."); + } - my ($page)=$q->param('page')=~/$wiki_file_regexp/; + print $session->header(); + print misctemplate($form->title, $form->render(submit => \@buttons)); +} #}}} + +sub cgi_editpage ($$) { #{{{ + my $q=shift; + my $session=shift; + + eval q{use CGI::FormBuilder}; + my $form = CGI::FormBuilder->new( + fields => [qw(do rcsinfo from page content comments)], + header => 1, + method => 'POST', + validate => { + content => '/.+/', + }, + required => [qw{content}], + javascript => 0, + params => $q, + action => $q->request_uri, + table => 0, + template => "$config{templatedir}/editpage.tmpl" + ); + my @buttons=("Save Page", "Preview", "Cancel"); + + my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/; if (! defined $page || ! length $page || $page ne $q->param('page') || - $page=~/$wiki_file_prune_regexp/ || $page=~/^\//) { + $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) { error("bad page name"); } $page=lc($page); - my $action=$q->request_uri; - $action=~s/\?.*//; - - if ($do eq 'create') { - if (exists $pagesources{lc($page)}) { - # hmm, someone else made the page in the meantime? - print $q->redirect("$url/".htmlpage($page)); - } + my $file=$page.$config{default_pageext}; + my $newfile=1; + if (exists $pagesources{lc($page)}) { + $file=$pagesources{lc($page)}; + $newfile=0; + } - my @page_locs; - my ($from)=$q->param('from')=~/$wiki_file_regexp/; - if (! defined $from || ! length $from || - $from ne $q->param('from') || - $from=~/$wiki_file_prune_regexp/ || $from=~/^\//) { - @page_locs=$page; - } - else { - my $dir=$from."/"; - $dir=~s![^/]+/$!!; - push @page_locs, $dir.$page; - push @page_locs, "$from/$page"; - while (length $dir) { + $form->field(name => "do", type => 'hidden'); + $form->field(name => "from", type => 'hidden'); + $form->field(name => "rcsinfo", type => 'hidden'); + $form->field(name => "page", value => "$page", force => 1); + $form->field(name => "comments", type => "text", size => 80); + $form->field(name => "content", type => "textarea", rows => 20, + cols => 80); + $form->tmpl_param("can_commit", $config{svn}); + $form->tmpl_param("indexlink", indexlink()); + $form->tmpl_param("helponformattinglink", + htmllink("", "HelpOnFormatting", 1)); + if (! $form->submitted) { + $form->field(name => "rcsinfo", value => rcs_prepedit($file), + force => 1); + } + + if ($form->submitted eq "Cancel") { + print $q->redirect("$config{url}/".htmlpage($page)); + return; + } + elsif ($form->submitted eq "Preview") { + $form->tmpl_param("page_preview", + htmlize($config{default_pageext}, + linkify($form->field('content'), $page))); + } + else { + $form->tmpl_param("page_preview", ""); + } + $form->tmpl_param("page_conflict", ""); + + if (! $form->submitted || $form->submitted eq "Preview" || + ! $form->validate) { + if ($form->field("do") eq "create") { + if (exists $pagesources{lc($page)}) { + # hmm, someone else made the page in the + # meantime? + print $q->redirect("$config{url}/".htmlpage($page)); + return; + } + + my @page_locs; + my $best_loc; + my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/; + if (! defined $from || ! length $from || + $from ne $form->param('from') || + $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) { + @page_locs=$best_loc=$page; + } + else { + my $dir=$from."/"; $dir=~s![^/]+/$!!; + + if ($page eq 'discussion') { + $best_loc="$from/$page"; + } + else { + $best_loc=$dir.$page; + } + push @page_locs, $dir.$page; + push @page_locs, "$from/$page"; + while (length $dir) { + $dir=~s![^/]+/$!!; + push @page_locs, $dir.$page; + } + + @page_locs = grep { + ! exists $pagesources{lc($_)} && + ! page_locked($_, $session, 1) + } @page_locs; } + + $form->tmpl_param("page_select", 1); + $form->field(name => "page", type => 'select', + options => \@page_locs, value => $best_loc); + $form->title("creating $page"); } - - $q->param("do", "save"); - print $q->header, - $q->start_html("Creating $page"), - $q->h1(indexlink()." Creating $page"), - $q->start_form(-action => $action), - $q->hidden('do'), - "Select page location:", - $q->popup_menu('page', \@page_locs), - $q->textarea(-name => 'content', - -default => "", - -rows => 20, - -columns => 80), - $q->br, - "Optional comment about this change:", - $q->br, - $q->textfield(-name => "comments", -size => 80), - $q->br, - $q->submit("Save Page"), - $q->end_form, - $q->end_html; - } - elsif ($do eq 'edit') { - my $content=""; - if (exists $pagesources{lc($page)}) { - $content=readfile("$srcdir/$pagesources{lc($page)}"); - $content=~s/\n/\r\n/g; - } - $q->param("do", "save"); - print $q->header, - $q->start_html("Editing $page"), - $q->h1(indexlink()." Editing $page"), - $q->start_form(-action => $action), - $q->hidden('do'), - $q->hidden('page'), - $q->textarea(-name => 'content', - -default => $content, - -rows => 20, - -columns => 80), - $q->br, - "Optional comment about this change:", - $q->br, - $q->textfield(-name => "comments", -size => 80), - $q->br, - $q->submit("Save Page"), - $q->end_form, - $q->end_html; - } - elsif ($do eq 'save') { - my $file=$page.$default_pagetype; - my $newfile=1; - if (exists $pagesources{lc($page)}) { - $file=$pagesources{lc($page)}; - $newfile=0; + elsif ($form->field("do") eq "edit") { + page_locked($page, $session); + if (! defined $form->field('content') || + ! length $form->field('content')) { + my $content=""; + if (exists $pagesources{lc($page)}) { + $content=readfile("$config{srcdir}/$pagesources{lc($page)}"); + $content=~s/\n/\r\n/g; + } + $form->field(name => "content", value => $content, + force => 1); + } + $form->tmpl_param("page_select", 0); + $form->field(name => "page", type => 'hidden'); + $form->title("editing $page"); } - my $content=$q->param('content'); + print $form->render(submit => \@buttons); + } + else { + # save page + page_locked($page, $session); + + my $content=$form->field('content'); $content=~s/\r\n/\n/g; $content=~s/\r/\n/g; - writefile("$srcdir/$file", $content); + writefile("$config{srcdir}/$file", $content); - my $message="web commit from $ENV{REMOTE_ADDR}"; - if (defined $q->param('comments')) { - $message.=": ".$q->param('comments'); + my $message="web commit "; + if (length $session->param("name")) { + $message.="by ".$session->param("name"); + } + else { + $message.="from $ENV{REMOTE_ADDR}"; + } + if (defined $form->field('comments') && + length $form->field('comments')) { + $message.=": ".$form->field('comments'); } - if ($svn) { + if ($config{svn}) { if ($newfile) { rcs_add($file); } + # prevent deadlock with post-commit hook + unlockwiki(); # presumably the commit will trigger an update # of the wiki - rcs_commit($message); + my $conflict=rcs_commit($file, $message, + $form->field("rcsinfo")); + + if (defined $conflict) { + $form->field(name => "rcsinfo", value => rcs_prepedit($file), + force => 1); + $form->tmpl_param("page_conflict", 1); + $form->field("content", value => $conflict, force => 1); + $form->field("do", "edit)"); + $form->tmpl_param("page_select", 0); + $form->field(name => "page", type => 'hidden'); + $form->title("editing $page"); + print $form->render(submit => \@buttons); + return; + } } else { + loadindex(); refresh(); + saveindex(); } - print $q->redirect("$url/".htmlpage($page)); + # The trailing question mark tries to avoid broken + # caches and get the most recent version of the page. + print $q->redirect("$config{url}/".htmlpage($page)."?updated"); + } +} #}}} + +sub cgi () { #{{{ + eval q{use CGI}; + eval q{use CGI::Session}; + + my $q=CGI->new; + + my $do=$q->param('do'); + if (! defined $do || ! length $do) { + error("\"do\" parameter missing"); + } + + # This does not need a session. + if ($do eq 'recentchanges') { + cgi_recentchanges($q); + return; + } + + CGI::Session->name("ikiwiki_session"); + + my $oldmask=umask(077); + my $session = CGI::Session->new("driver:db_file", $q, + { FileName => "$config{srcdir}/.ikiwiki/sessions.db" }); + umask($oldmask); + + # Everything below this point needs the user to be signed in. + if ((! $config{anonok} && ! defined $session->param("name") || + ! defined $session->param("name") || + ! userinfo_get($session->param("name"), "regdate")) || $do eq 'signin') { + cgi_signin($q, $session); + + # Force session flush with safe umask. + my $oldmask=umask(077); + $session->flush; + umask($oldmask); + + return; + } + + if ($do eq 'create' || $do eq 'edit') { + cgi_editpage($q, $session); + } + elsif ($do eq 'prefs') { + cgi_prefs($q, $session); } else { error("unknown do parameter"); } } #}}} -# main {{{ -my $rebuild=0; -my $wrapper=0; -if (grep /^-/, @ARGV) { - eval {use Getopt::Long}; - GetOptions( - "wikiname=s" => \$wikiname, - "verbose|v" => \$verbose, - "rebuild" => \$rebuild, - "wrapper" => \$wrapper, - "svn!" => \$svn, - "anonok!" => \$anonok, - "cgi" => \$cgi, - "url=s" => \$url, - "cgiurl=s" => \$cgiurl, - "historyurl=s" => \$historyurl, - ) || usage(); -} -usage() unless @ARGV == 3; -($srcdir) = possibly_foolish_untaint(shift); -($templatedir) = possibly_foolish_untaint(shift); -($destdir) = possibly_foolish_untaint(shift); +sub setup () { # {{{ + my $setup=possibly_foolish_untaint($config{setup}); + delete $config{setup}; + open (IN, $setup) || error("read $setup: $!\n"); + local $/=undef; + my $code=; + ($code)=$code=~/(.*)/s; + close IN; -if ($cgi && ! length $url) { - error("Must specify url to wiki with --url when using --cgi"); -} + eval $code; + error($@) if $@; + exit; +} #}}} -gen_wrapper($svn, $rebuild) if $wrapper; +# main {{{ +setup() if $config{setup}; +lockwiki(); +if ($config{wrapper}) { + gen_wrapper(%config); + exit; +} memoize('pagename'); memoize('bestlink'); -loadindex() unless $rebuild; -if ($cgi) { +loadindex() unless $config{rebuild}; +if ($config{cgi}) { cgi(); } else { - rcs_update() if $svn; + rcs_update() if $config{svn}; refresh(); saveindex(); }