check_canattach hooked up
Joey Hess
parent
4669eab596
commit
ad9e443f22
|
|
@ -9,6 +9,7 @@ use open qw{:utf8 :std};
|
||||||
|
|
||||||
my $sha1_pattern = qr/[0-9a-fA-F]{40}/; # pattern to validate Git sha1sums
|
my $sha1_pattern = qr/[0-9a-fA-F]{40}/; # pattern to validate Git sha1sums
|
||||||
my $dummy_commit_msg = 'dummy commit'; # message to skip in recent changes
|
my $dummy_commit_msg = 'dummy commit'; # message to skip in recent changes
|
||||||
|
my $no_chdir=0;
|
||||||
|
|
||||||
sub import { #{{{
|
sub import { #{{{
|
||||||
hook(type => "checkconfig", id => "git", call => \&checkconfig);
|
hook(type => "checkconfig", id => "git", call => \&checkconfig);
|
||||||
|
|
@ -127,8 +128,10 @@ sub safe_git (&@) { #{{{
|
||||||
if (!$pid) {
|
if (!$pid) {
|
||||||
# In child.
|
# In child.
|
||||||
# Git commands want to be in wc.
|
# Git commands want to be in wc.
|
||||||
chdir $config{srcdir}
|
if (! $no_chdir) {
|
||||||
or error("Cannot chdir to $config{srcdir}: $!");
|
chdir $config{srcdir}
|
||||||
|
or error("Cannot chdir to $config{srcdir}: $!");
|
||||||
|
}
|
||||||
exec @cmdline or error("Cannot exec '@cmdline': $!");
|
exec @cmdline or error("Cannot exec '@cmdline': $!");
|
||||||
}
|
}
|
||||||
# In parent.
|
# In parent.
|
||||||
|
|
@ -606,13 +609,20 @@ sub rcs_receive () { #{{{
|
||||||
while (<>) {
|
while (<>) {
|
||||||
chomp;
|
chomp;
|
||||||
my ($oldrev, $newrev, $refname) = split(' ', $_, 3);
|
my ($oldrev, $newrev, $refname) = split(' ', $_, 3);
|
||||||
|
|
||||||
# only allow changes to gitmaster_branch
|
# only allow changes to gitmaster_branch
|
||||||
if ($refname !~ /^refs\/heads\/\Q$config{gitmaster_branch}\E$/) {
|
if ($refname !~ /^refs\/heads\/\Q$config{gitmaster_branch}\E$/) {
|
||||||
error sprintf(gettext("you are not allowed to change %s"), $refname);
|
error sprintf(gettext("you are not allowed to change %s"), $refname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Avoid chdir when running git here, because the changes
|
||||||
|
# are in the master git repo, not the srcdir repo.
|
||||||
|
# The pre-recieve hook already puts us in the right place.
|
||||||
|
$no_chdir=1;
|
||||||
|
my @changes=git_commit_info($oldrev."..".$newrev);
|
||||||
|
$no_chdir=0;
|
||||||
|
|
||||||
foreach my $ci (git_commit_info($oldrev."..".$newrev)) {
|
foreach my $ci (@changes) {
|
||||||
foreach my $detail (@{ $ci->{'details'} }) {
|
foreach my $detail (@{ $ci->{'details'} }) {
|
||||||
my $file = $detail->{'file'};
|
my $file = $detail->{'file'};
|
||||||
|
|
||||||
|
|
@ -623,8 +633,7 @@ sub rcs_receive () { #{{{
|
||||||
error sprintf(gettext("you are not allowed to change %s"), $file);
|
error sprintf(gettext("you are not allowed to change %s"), $file);
|
||||||
}
|
}
|
||||||
|
|
||||||
my $action;
|
my ($action, $mode, $path);
|
||||||
my $mode;
|
|
||||||
if ($detail->{'status'} =~ /^[M]+\d*$/) {
|
if ($detail->{'status'} =~ /^[M]+\d*$/) {
|
||||||
$action="change";
|
$action="change";
|
||||||
$mode=$detail->{'mode_to'};
|
$mode=$detail->{'mode_to'};
|
||||||
|
|
@ -632,6 +641,15 @@ sub rcs_receive () { #{{{
|
||||||
elsif ($detail->{'status'} =~ /^[AM]+\d*$/) {
|
elsif ($detail->{'status'} =~ /^[AM]+\d*$/) {
|
||||||
$action="add";
|
$action="add";
|
||||||
$mode=$detail->{'mode_to'};
|
$mode=$detail->{'mode_to'};
|
||||||
|
if (! pagetype($file)) {
|
||||||
|
eval q{use File::Temp};
|
||||||
|
die $@ if $@;
|
||||||
|
my $fh;
|
||||||
|
($fh, $path)=tempfile("XXXXXXXXXX", UNLINK => 1);
|
||||||
|
if (system("git show ".$detail->{sha1_to}." > '$path'") != 0) {
|
||||||
|
error("failed writing temp file");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
elsif ($detail->{'status'} =~ /^[DAM]+\d*/) {
|
elsif ($detail->{'status'} =~ /^[DAM]+\d*/) {
|
||||||
$action="remove";
|
$action="remove";
|
||||||
|
|
@ -654,6 +672,7 @@ sub rcs_receive () { #{{{
|
||||||
push @rets, {
|
push @rets, {
|
||||||
file => $file,
|
file => $file,
|
||||||
action => $action,
|
action => $action,
|
||||||
|
path => $path,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -66,11 +66,10 @@ sub test () { #{{{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
# TODO
|
if (IkiWiki::Plugin::attachment->can("check_canattach") &&
|
||||||
#if (IkiWiki::Plugin::attachment->can("check_canattach") &&
|
IkiWiki::Plugin::attachment::check_canattach($session, $file, $change->{path})) {
|
||||||
# IkiWiki::Plugin::attachment::check_canattach($session, $file, $path)) {
|
next;
|
||||||
# next;
|
}
|
||||||
#}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elsif ($change->{action} eq 'remove') {
|
elsif ($change->{action} eq 'remove') {
|
||||||
|
|
|
||||||
|
|
@ -829,13 +829,16 @@ sense to implement for all RCSs.
|
||||||
|
|
||||||
It should examine the incoming changes, and do any sanity
|
It should examine the incoming changes, and do any sanity
|
||||||
checks that are appropriate for the RCS to limit changes to safe file adds,
|
checks that are appropriate for the RCS to limit changes to safe file adds,
|
||||||
removes, and renames. If something bad is found, it should exit
|
removes, and changes. If something bad is found, it should exit
|
||||||
nonzero, to abort the push. Otherwise, it should return a list of
|
nonzero, to abort the push. Otherwise, it should return a list of
|
||||||
files that were changed, in the form:
|
files that were changed, in the form:
|
||||||
|
|
||||||
{
|
{
|
||||||
file => # name of file that was changed
|
file => # name of file that was changed
|
||||||
action => # either "add", "change", or "remove"
|
action => # either "add", "change", or "remove"
|
||||||
|
path => # temp file containing the new file content, only
|
||||||
|
# needed for "add", and only if the file is an
|
||||||
|
# attachment, not a page
|
||||||
}
|
}
|
||||||
|
|
||||||
The list will then be checked to make sure that each change is one that
|
The list will then be checked to make sure that each change is one that
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue