summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
2a64eea)
This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.
(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)
Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum
14 files changed:
return length $config{userdir} ? "$config{userdir}/$user" : $user;
}
return length $config{userdir} ? "$config{userdir}/$user" : $user;
}
+# Username to display for openid accounts.
sub openiduser ($) {
my $user=shift;
sub openiduser ($) {
my $user=shift;
+# Username to display for emailauth accounts.
sub emailuser ($) {
my $user=shift;
if (defined $user && $user =~ m/(.+)@/) {
sub emailuser ($) {
my $user=shift;
if (defined $user && $user =~ m/(.+)@/) {
+# Some user information should not be exposed in commit metadata, etc.
+# This generates a cloaked form of such information.
+sub cloak ($) {
+ my $user=shift;
+ # cloak email address using http://xmlns.com/foaf/spec/#term_mbox_sha1sum
+ if ($user=~m/(.+)@/) {
+ my $nick=$1;
+ eval q{use Digest::SHA};
+ return $user if $@;
+ return $nick.'@'.Digest::SHA::sha1_hex("mailto:$user");
+ }
+ else {
+ return $user;
+ }
+}
+
sub htmlize ($$$$) {
my $page=shift;
my $destpage=shift;
sub htmlize ($$$$) {
my $page=shift;
my $destpage=shift;
my $banned=0;
my $name=$session->param("name");
my $banned=0;
my $name=$session->param("name");
+ my $cloak=cloak($name) if defined $name;
- grep { $name eq $_ } @{$config{banned_users}}) {
+ grep { $name eq $_ || $cloak eq $_ } @{$config{banned_users}}) {
$banned=1;
}
foreach my $b (@{$config{banned_users}}) {
if (pagespec_match("", $b,
ip => $session->remote_addr(),
$banned=1;
}
foreach my $b (@{$config{banned_users}}) {
if (pagespec_match("", $b,
ip => $session->remote_addr(),
- name => defined $name ? $name : "",
- )) {
+ name => defined $name ? $name : "")
+ || pagespec_match("", $b,
+ ip => cloak($session->remote_addr()),
+ name => defined $cloak ? $cloak : "")) {
my $ipaddr=$session->remote_addr();
if (defined $user) {
my $ipaddr=$session->remote_addr();
if (defined $user) {
- return IkiWiki::possibly_foolish_untaint($user);
+ return IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($user));
}
elsif (defined $ipaddr) {
}
elsif (defined $ipaddr) {
- return "Anonymous from ".IkiWiki::possibly_foolish_untaint($ipaddr);
+ return "Anonymous from ".IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($ipaddr));
}
else {
return "Anonymous";
}
else {
return "Anonymous";
my $content = "[[!comment format=$type\n";
if (defined $session->param('name')) {
my $content = "[[!comment format=$type\n";
if (defined $session->param('name')) {
- my $username = $session->param('name');
+ my $username = IkiWiki::cloak($session->param('name'));
$username =~ s/"/"/g;
$content .= " username=\"$username\"\n";
}
$username =~ s/"/"/g;
$content .= " username=\"$username\"\n";
}
if (!(defined $session->param('name') || defined $session->param('nickname')) &&
defined $session->remote_addr()) {
if (!(defined $session->param('name') || defined $session->param('nickname')) &&
defined $session->remote_addr()) {
- $content .= " ip=\"".$session->remote_addr()."\"\n";
+ $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
}
if ($config{comments_allowauthor}) {
}
if ($config{comments_allowauthor}) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $params{message} ? ": $params{message}" : "");
}
}
(length $params{message} ? ": $params{message}" : "");
}
}
my $author="anon\@web";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
my $author="anon\@web";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- return $params{session}->param("name").'@web';
+ return IkiWiki::cloak($params{session}->param("name")).'@web';
}
elsif (defined $params{session}->remote_addr()) {
}
elsif (defined $params{session}->remote_addr()) {
- return $params{session}->remote_addr().'@web';
+ return IkiWiki::cloak($params{session}->remote_addr()).'@web';
$u=$params{session}->remote_addr();
}
if (defined $u) {
$u=$params{session}->remote_addr();
}
if (defined $u) {
+ $u=encode_utf8(IkiWiki::cloak($u));
$ENV{GIT_AUTHOR_NAME}=$u;
}
if (defined $params{session}->param("nickname")) {
$ENV{GIT_AUTHOR_NAME}=$u;
}
if (defined $params{session}->param("nickname")) {
my $user="Anonymous";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
my $user="Anonymous";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- $user = $params{session}->param("name");
+ $user = IkiWiki::cloak($params{session}->param("name"));
}
elsif (defined $params{session}->remote_addr()) {
}
elsif (defined $params{session}->remote_addr()) {
- $user = $params{session}->remote_addr();
+ $user = IkiWiki::cloak($params{session}->remote_addr());
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- return "Web user: " . $params{session}->param("name");
+ return "Web user: " . IkiWiki::cloak($params{session}->param("name"));
}
elsif (defined $params{session}->remote_addr()) {
}
elsif (defined $params{session}->remote_addr()) {
- return "Web IP: " . $params{session}->remote_addr();
+ return "Web IP: " . IkiWiki::cloak($params{session}->remote_addr());
}
}
return "Web: Anonymous";
}
}
return "Web: Anonymous";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $params{message} ? ": $params{message}" : "");
}
}
(length $params{message} ? ": $params{message}" : "");
}
}
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
$message="web commit by ".
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
$message="web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $message ? ": $message" : "");
}
elsif (defined $params{session}->remote_addr()) {
$message="web commit from ".
(length $message ? ": $message" : "");
}
elsif (defined $params{session}->remote_addr()) {
$message="web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $message ? ": $message" : "");
}
}
(length $message ? ": $message" : "");
}
}
If a banned user attempts to use the ikiwiki CGI, they will receive a 403
Forbidden webpage indicating they are banned.
If a banned user attempts to use the ikiwiki CGI, they will receive a 403
Forbidden webpage indicating they are banned.
+
+Note that when [[plugins/emailauth]] is used, the user's email address
+is displayed in cloaked form in commits of their edits. This cloaked email
+address can be used as-is in the `banned_users` setting.
Users who have logged in using emailauth will have their email address used as
their username. In places where the username is displayed, like the
RecentChanges page, the domain will be omitted, to avoid exposing the
Users who have logged in using emailauth will have their email address used as
their username. In places where the username is displayed, like the
RecentChanges page, the domain will be omitted, to avoid exposing the
-user's email address. Note though that the email address will be visible
-when looking at eg, commits in the git repository.
+user's email address. In places where the full username needs to be put,
+like commits of changes, the email address is cloaked using
+<a href="http://xmlns.com/foaf/spec/#term_mbox_sha1sum">the
+foaf:mbox_sha1sum spec</a>.
This plugin needs the [[!cpan Mail::SendMail]] perl module installed,
and able to send outgoing email.
This plugin needs the [[!cpan Mail::SendMail]] perl module installed,
and able to send outgoing email.
>>> from `smcv <smcv@debian.org>` - if the hash is of `mailto:whatever`
>>> (like my example one) then it's compatible with
>>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum).
>>> from `smcv <smcv@debian.org>` - if the hash is of `mailto:whatever`
>>> (like my example one) then it's compatible with
>>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum).
+>>> --[[smcv]]a
+
+>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]