X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9d9826a3d29ca30802399ae2e66b4d457eccd2be..46a98c8a4d72e8be0fd5e683a83745d529b2c3c3:/IkiWiki/Plugin/rename.pm?ds=inline diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm index c3e03496f..ad5e72645 100644 --- a/IkiWiki/Plugin/rename.pm +++ b/IkiWiki/Plugin/rename.pm @@ -18,6 +18,7 @@ sub getsetup () { plugin => { safe => 1, rebuild => 0, + section => "web", }, } @@ -49,7 +50,7 @@ sub check_canrename ($$$$$$) { IkiWiki::check_canedit($src, $q, $session); if ($attachment) { if (IkiWiki::Plugin::attachment->can("check_canattach")) { - IkiWiki::Plugin::attachment::check_canattach($session, $src, $srcfile); + IkiWiki::Plugin::attachment::check_canattach($session, $src, "$config{srcdir}/$srcfile"); } else { error("renaming of attachments is not allowed"); @@ -62,9 +63,8 @@ sub check_canrename ($$$$$$) { error(gettext("no change to the file name was specified")); } - # Must be a legal filename, and not absolute. - if (IkiWiki::file_pruned($destfile, $config{srcdir}) || - $destfile=~/^\//) { + # Must be a legal filename. + if (IkiWiki::file_pruned($destfile)) { error(sprintf(gettext("illegal name"))); } @@ -84,7 +84,7 @@ sub check_canrename ($$$$$$) { if ($attachment) { # Note that $srcfile is used here, not $destfile, # because it wants the current file, to check it. - IkiWiki::Plugin::attachment::check_canattach($session, $dest, $srcfile); + IkiWiki::Plugin::attachment::check_canattach($session, $dest, "$config{srcdir}/$srcfile"); } } @@ -108,6 +108,7 @@ sub check_canrename ($$$$$$) { } } }); + return defined $canrename ? $canrename : 1; } sub rename_form ($$$) { @@ -126,11 +127,13 @@ sub rename_form ($$$) { javascript => 0, params => $q, action => $config{cgiurl}, - stylesheet => IkiWiki::baseurl()."style.css", + stylesheet => 1, fields => [qw{do page new_name attachment}], ); $f->field(name => "do", type => "hidden", value => "rename", force => 1); + $f->field(name => "sid", type => "hidden", value => $session->id, + force => 1); $f->field(name => "page", type => "hidden", value => $page, force => 1); $f->field(name => "new_name", value => pagetitle($page, 1), size => 60); if (!$q->param("attachment")) { @@ -235,6 +238,7 @@ sub formbuilder (@) { if (defined $form->field("do") && ($form->field("do") eq "edit" || $form->field("do") eq "create")) { + IkiWiki::decode_form_utf8($form); my $q=$params{cgi}; my $session=$params{session}; @@ -242,7 +246,7 @@ sub formbuilder (@) { rename_start($q, $session, 0, $form->field("page")); } elsif ($form->submitted eq "Rename Attachment") { - my @selected=$q->param("attachment_select"); + my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select"); if (@selected > 1) { error(gettext("Only one attachment can be renamed at a time.")); } @@ -278,21 +282,23 @@ sub sessioncgi ($$) { if ($q->param("do") eq 'rename') { my $session=shift; - my ($form, $buttons)=rename_form($q, $session, $q->param("page")); + my ($form, $buttons)=rename_form($q, $session, Encode::decode_utf8($q->param("page"))); IkiWiki::decode_form_utf8($form); if ($form->submitted eq 'Cancel') { postrename($session); } elsif ($form->submitted eq 'Rename' && $form->validate) { + IkiWiki::checksessionexpiry($q, $session, $q->param('sid')); + # Queue of rename actions to perfom. my @torename; # These untaints are safe because of the checks # performed in check_canrename later. - my $src=$q->param("page"); + my $src=$form->field("page"); my $srcfile=IkiWiki::possibly_foolish_untaint($pagesources{$src}); - my $dest=IkiWiki::possibly_foolish_untaint(titlepage($q->param("new_name"))); + my $dest=IkiWiki::possibly_foolish_untaint(titlepage($form->field("new_name"))); my $destfile=$dest; if (! $q->param("attachment")) { my $type=$q->param('type'); @@ -344,8 +350,9 @@ sub sessioncgi ($$) { $pagesources{$rename->{src}}=$rename->{destfile}; } IkiWiki::rcs_commit_staged( - sprintf(gettext("rename %s to %s"), $srcfile, $destfile), - $session->param("name"), $ENV{REMOTE_ADDR}) if $config{rcs}; + message => sprintf(gettext("rename %s to %s"), $srcfile, $destfile), + session => $session, + ) if $config{rcs}; # Then link fixups. foreach my $rename (@torename) { @@ -570,8 +577,8 @@ sub fixlinks ($$$) { $file, sprintf(gettext("update for rename of %s to %s"), $rename->{srcfile}, $rename->{destfile}), $token, - $session->param("name"), - $ENV{REMOTE_ADDR} + $session->param("name"), + $session->remote_addr(), ); push @fixedlinks, $page if ! defined $conflict; }