my %params=@_;
my $session=$params{session};
- if (exists $config{blogspam_pagespec}) {
- return undef
- if ! pagespec_match($params{page}, $config{blogspam_pagespec},
- location => $params{page});
+ my $spec='!admin()';
+ if (exists $config{blogspam_pagespec} &&
+ length $config{blogspam_pagespec}) {
+ $spec.=" and (".$config{blogspam_pagespec}.")";
}
+ my $user=$session->param("name");
+ return undef unless pagespec_match($params{page}, $spec,
+ (defined $user ? (user => $user) : ()),
+ (defined $session->remote_addr() ? (ip => $session->remote_addr()) : ()),
+ location => $params{page});
+
my $url=$defaulturl;
$url = $config{blogspam_server} if exists $config{blogspam_server};
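Review bot: The new `return undef unless pagespec_match(...)` treats every false result alike, so if the combined spec cannot be evaluated (for example a malformed `blogspam_pagespec` spliced in after `!admin()`), the function appears to return without consulting the spam server, i.e. it fails open. The same question arises when the session has no name and `user` is omitted: whether `!admin()` then holds is decided inside pagespec_match, outside this hunk, and deserves a test for anonymous posters. I would at least record the intent above the call, `# any false or error result from pagespec_match skips the spam check`, and read the address once with `my $ip=$session->remote_addr();` instead of calling it twice. The enclosing sub starts and ends outside the hunk.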
# The untaint is OK (as in editpage) because we're about to pass
# it to file_pruned and wiki_file_regexp anyway.
- my $page = $form->field('page')=~/$config{wiki_file_regexp}/;
+ my ($page) = $form->field('page')=~/$config{wiki_file_regexp}/;
$page = IkiWiki::possibly_foolish_untaint($page);
if (! defined $page || ! length $page ||
IkiWiki::file_pruned($page)) {
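Review bot: When the pattern does not match, `$page` is now undef and is still handed to `IkiWiki::possibly_foolish_untaint` before the `! defined $page` test that follows, whereas the editpage hunk in this same commit adds an explicit `! defined $page` guard ahead of its untaint. For consistency the untaint here could be guarded, `$page = IkiWiki::possibly_foolish_untaint($page) if defined $page;`. The list assignment only yields the page name if `$config{wiki_file_regexp}` contains a capturing group, which is defined outside this hunk. The comment above still says the value is "about to" be passed to wiki_file_regexp, although the match has now already happened. The body of the `if` continues outside the hunk.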
# This untaint is safe because we check file_pruned and
# wiki_file_regexp.
my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
+ if (! defined $page) {
+ error(gettext("bad page name"));
+ }
$page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##); # absolute name used to force location
if (! defined $page || ! length $page ||
if ($feeds) {
if ($rss) {
$rssurl=abs2rel($feedbase."rss".$feednum, dirname(htmlpage($params{destpage})));
- $rssdesc = gettext("%s (RSS feed)", $desc);
+ $rssdesc = sprintf(gettext("%s (RSS feed)"), $desc);
}
if ($atom) {
$atomurl=abs2rel($feedbase."atom".$feednum, dirname(htmlpage($params{destpage})));
- $atomdesc = gettext("%s (Atom feed)", $desc);
+ $atomdesc = sprintf(gettext("%s (Atom feed)"), $desc);
}
}
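Review bot: The format string given to `sprintf` now comes from the translation catalogue, so a translation that drops or adds a conversion changes what ends up in the feed description; a translator comment above each call, for example `# translators: %s is the feed description, keep exactly one %s`, would document that contract. Whether `$desc` is escaped before `$rssdesc` and `$atomdesc` reach the output is not visible in this hunk and is worth confirming where they are used.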
+ikiwiki (3.20110124) UNRELEASED; urgency=low
+
+ * comments: Fix commenting, broken by security fix.
+ * blogspam: Don't check modifications from admins for spam, and also
+ allow the blogspam_pagespec to do other matches against who the user is.
+ * inline: Fix regression in feed titles. Closes: #610878
+ (Thanks, Paul Wise)
+
+ -- Joey Hess <joeyh@debian.org> Mon, 24 Jan 2011 16:56:05 -0400
+
ikiwiki (3.20110123) unstable; urgency=low
* Adapt autoindex test suite to work with old Test::More.
The `blogspam_pagespec` setting is a [[ikiwiki/PageSpec]] that can be
used to configure which pages are checked for spam. The default is to check
all edits. If you only want to check [[comments]] (not wiki page edits),
-set it to "postcomment(*)".
+set it to "postcomment(*)". Posts by admins are never checked for spam.
By default, the blogspam.net server is used to do the spam checking. To
change this, the `blogspam_server` option can be set to the url for a