* The underscore escaping support exposed a bug in edit links: such links
  were titlepage escaped in the urls, and then doubly escaped by the CGI
  when editing. To fix this, I removed the titlepage escaping in the edit
  urls.
* That means that *every edit link* on the wiki is potentially changed.
  Rebuilding wikis on upgrade to this version is therefore necessary; enabled
  that in postinst.
master
joey 2007-03-08 06:03:59 +00:00
parent 8430ee09e5
commit c1b698e418
8 changed files with 53 additions and 35 deletions


@ -5,6 +5,7 @@ use warnings;
use strict; use strict;
use Encode; use Encode;
use HTML::Entities; use HTML::Entities;
use URI::Escape;
use open qw{:utf8 :std}; use open qw{:utf8 :std};
use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase
@ -385,7 +386,8 @@ sub linkpage ($) { #{{{
sub cgiurl (@) { #{{{ sub cgiurl (@) { #{{{
my %params=@_; my %params=@_;
return $config{cgiurl}."?".join("&", map "$_=$params{$_}", keys %params); return $config{cgiurl}."?".
join("&", map $_."=".uri_escape($params{$_}), keys %params);
} #}}} } #}}}
sub baseurl (;$) { #{{{ sub baseurl (;$) { #{{{
@ -453,7 +455,11 @@ sub htmllink ($$$;@) { #{{{
if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) { if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) {
return $linktext unless length $config{cgiurl}; return $linktext unless length $config{cgiurl};
return "<span><a href=\"". return "<span><a href=\"".
cgiurl(do => "create", page => lc($link), from => $page). cgiurl(
do => "create",
page => pagetitle(lc($link), 1),
from => $page
).
"\">?</a>$linktext</span>" "\">?</a>$linktext</span>"
} }
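Review bot: The new `uri_escape($params{$_})` in cgiurl (the two return lines after `my %params=@_;`) croaks on any character above U+00FF ("Can't escape \x{...}, try uri_escape_utf8() instead"), and since this file decodes its input as UTF-8 (`use open qw{:utf8 :std}`) a page name or `from` value containing such a character would now abort rendering of the edit/create link instead of producing an escaped URL. Using the UTF-8 variant from the same module avoids that: `join("&", map $_."=".uri_escape_utf8($params{$_}), keys %params);`. The parameter keys are left unescaped, which is fine as long as callers only pass the literal names seen here (do, page, from); a short comment stating that assumption would help, e.g. `# keys are caller-supplied literals; only values are escaped`.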


@ -286,10 +286,9 @@ sub cgi_prefs ($$) { #{{{
} }
} #}}} } #}}}
sub cgi_editpage ($$;$) { #{{{ sub cgi_editpage ($$) { #{{{
my $q=shift; my $q=shift;
my $session=shift; my $session=shift;
my $blogpost=shift;
my @fields=qw(do rcsinfo subpage from page type editcontent comments my @fields=qw(do rcsinfo subpage from page type editcontent comments
newfile); newfile);
@ -323,9 +322,6 @@ sub cgi_editpage ($$;$) { #{{{
# characters. # characters.
my ($page)=$form->field('page'); my ($page)=$form->field('page');
$page=titlepage(possibly_foolish_untaint($page)); $page=titlepage(possibly_foolish_untaint($page));
if ($blogpost) {
$page=~s/(\/)/"__".ord($1)."__"/eg;
}
if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) { if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
error("bad page name"); error("bad page name");
} }
@ -362,7 +358,7 @@ sub cgi_editpage ($$;$) { #{{{
$form->field(name => "from", type => 'hidden'); $form->field(name => "from", type => 'hidden');
$form->field(name => "rcsinfo", type => 'hidden'); $form->field(name => "rcsinfo", type => 'hidden');
$form->field(name => "subpage", type => 'hidden'); $form->field(name => "subpage", type => 'hidden');
$form->field(name => "page", value => $page, force => 1); $form->field(name => "page", value => pagetitle($page, 1), force => 1);
$form->field(name => "type", value => $type, force => 1); $form->field(name => "type", value => $type, force => 1);
$form->field(name => "comments", type => "text", size => 80); $form->field(name => "comments", type => "text", size => 80);
$form->field(name => "editcontent", type => "textarea", rows => 20, $form->field(name => "editcontent", type => "textarea", rows => 20,
@ -686,6 +682,7 @@ sub cgi (;$$) { #{{{
} }
elsif ($do eq 'blog') { elsif ($do eq 'blog') {
my $page=decode_utf8($q->param('title')); my $page=decode_utf8($q->param('title'));
$page=~s/\///g; # no slashes in blog posts
# if the page already exists, munge it to be unique # if the page already exists, munge it to be unique
my $from=$q->param('from'); my $from=$q->param('from');
my $add=""; my $add="";
@ -694,9 +691,9 @@ sub cgi (;$$) { #{{{
$add++; $add++;
} }
$q->param('page', $page.$add); $q->param('page', $page.$add);
# now run same as create, except escape slashes too # now run same as create
$q->param('do', 'create'); $q->param('do', 'create');
cgi_editpage($q, $session, 1); cgi_editpage($q, $session);
} }
elsif ($do eq 'postsignin') { elsif ($do eq 'postsignin') {
error(gettext("login failed, perhaps you need to turn on cookies?")); error(gettext("login failed, perhaps you need to turn on cookies?"));
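Review bot: The added `$page=~s/\///g;` in the blog branch runs on an undefined `$page` when the request carries no `title` parameter, since `decode_utf8(undef)` stays undef, so under `use warnings` every such request logs an uninitialized-value warning before cgi_editpage's own "bad page name" check catches the empty result. Rejecting it up front keeps the log clean and makes the intent explicit: `error("bad page name") unless defined $page && length $page;` placed before the substitution. The comment on that line could also record that slashes are now dropped rather than escaped as the removed `__ord__` code did, e.g. `# drop slashes: a blog post title must not name a subpage`. The enclosing `cgi` sub starts and ends outside this hunk.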


@ -184,7 +184,7 @@ sub preprocess_inline (@) { #{{{
} }
if (length $config{cgiurl} && defined $type) { if (length $config{cgiurl} && defined $type) {
$template->param(have_actions => 1); $template->param(have_actions => 1);
$template->param(editurl => cgiurl(do => "edit", page => $page)); $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
} }
} }


@ -79,7 +79,7 @@ sub genpage ($$$) { #{{{
my $actions=0; my $actions=0;
if (length $config{cgiurl}) { if (length $config{cgiurl}) {
$template->param(editurl => cgiurl(do => "edit", page => $page)); $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
$template->param(prefsurl => cgiurl(do => "prefs")); $template->param(prefsurl => cgiurl(do => "prefs"));
if ($config{rcs}) { if ($config{rcs}) {
$template->param(recentchangesurl => cgiurl(do => "recentchanges")); $template->param(recentchangesurl => cgiurl(do => "recentchanges"));

20
debian/NEWS vendored

@ -1,11 +1,19 @@
ikiwiki (1.45) unstable; urgency=low
Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
in /etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 23:02:52 -0500
ikiwiki (1.44) unstable; urgency=low ikiwiki (1.44) unstable; urgency=low
The htmllink() function has changed slightly and plugins that use it may The htmllink() function has changed slightly and plugins that use it may
need to change how they call it. This function's first three parameters need to change how they call it. This function's first three parameters
are unchanged, but additional options are now passed using named are unchanged, but additional options are now passed using named
parameters. If you used htmllink with more than 3 parameters, you will parameters. If you used htmllink with more than 3 parameters, you will
need to change it. The plugin interface version has been increased to 1.02 need to change it. The plugin interface version has been increased to 1.02
to reflect this change. to reflect this change.
-- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500 -- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500

9
debian/changelog vendored

@ -18,8 +18,15 @@ ikiwiki (1.45) UNRELEASED; urgency=low
* Fix some nasty issues with page name escaping during previewing * Fix some nasty issues with page name escaping during previewing
(introduced in 1.44). (introduced in 1.44).
* Add a table plugin, derived from the one written by Victor Moral. * Add a table plugin, derived from the one written by Victor Moral.
* The underscore escaping support exposed a bug in edit links: Such links
were titlepage escaped in the urls, and then doubly escaped by the CGI
when editing. To fix this, I removed the titlepage escaping in the edit
urls.
* That means that *every edit link* on the wiki is potentially changed.
Rebuilding wikis on upgrade to this version therefore necessary; enabled
that in postinst.
-- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 06:26:51 -0500 -- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 22:58:52 -0500
ikiwiki (1.44) unstable; urgency=low ikiwiki (1.44) unstable; urgency=low

2
debian/postinst vendored

@ -4,7 +4,7 @@ set -e
# Change this when some incompatible change is made that requires # Change this when some incompatible change is made that requires
# rebuilding all wikis. # rebuilding all wikis.
firstcompat=1.29 firstcompat=1.45
if [ "$1" = configure ] && \ if [ "$1" = configure ] && \
dpkg --compare-versions "$2" lt "$firstcompat"; then dpkg --compare-versions "$2" lt "$firstcompat"; then


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-03-07 07:04-0500\n" "POT-Creation-Date: 2007-03-08 00:56-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -24,33 +24,33 @@ msgstr ""
msgid "Preferences saved." msgid "Preferences saved."
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:344 #: ../IkiWiki/CGI.pm:340
#, perl-format #, perl-format
msgid "%s is not an editable page" msgid "%s is not an editable page"
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:431 ../IkiWiki/Plugin/brokenlinks.pm:24 #: ../IkiWiki/CGI.pm:427 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17 #: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165 #: ../IkiWiki/Render.pm:165
msgid "discussion" msgid "discussion"
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:477 #: ../IkiWiki/CGI.pm:473
#, perl-format #, perl-format
msgid "creating %s" msgid "creating %s"
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:494 ../IkiWiki/CGI.pm:530 ../IkiWiki/CGI.pm:574 #: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:526 ../IkiWiki/CGI.pm:570
#, perl-format #, perl-format
msgid "editing %s" msgid "editing %s"
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:671 #: ../IkiWiki/CGI.pm:667
msgid "You are banned." msgid "You are banned."
msgstr "" msgstr ""
#: ../IkiWiki/CGI.pm:702 #: ../IkiWiki/CGI.pm:699
msgid "login failed, perhaps you need to turn on cookies?" msgid "login failed, perhaps you need to turn on cookies?"
msgstr "" msgstr ""
@ -363,23 +363,23 @@ msgstr ""
msgid "failed to run php" msgid "failed to run php"
msgstr "" msgstr ""
#: ../IkiWiki/Plugin/table.pm:34 #: ../IkiWiki/Plugin/table.pm:22
msgid "cannot find file" msgid "cannot find file"
msgstr "" msgstr ""
#: ../IkiWiki/Plugin/table.pm:59 #: ../IkiWiki/Plugin/table.pm:45
msgid "unknown data format" msgid "unknown data format"
msgstr "" msgstr ""
#: ../IkiWiki/Plugin/table.pm:67 #: ../IkiWiki/Plugin/table.pm:53
msgid "empty data" msgid "empty data"
msgstr "" msgstr ""
#: ../IkiWiki/Plugin/table.pm:77 #: ../IkiWiki/Plugin/table.pm:73
msgid "Direct data download" msgid "Direct data download"
msgstr "" msgstr ""
#: ../IkiWiki/Plugin/table.pm:124 #: ../IkiWiki/Plugin/table.pm:106
#, perl-format #, perl-format
msgid "parse fail at line %d: %s" msgid "parse fail at line %d: %s"
msgstr "" msgstr ""
@ -520,11 +520,11 @@ msgstr ""
msgid "usage: ikiwiki [options] source dest" msgid "usage: ikiwiki [options] source dest"
msgstr "" msgstr ""
#: ../IkiWiki.pm:102 #: ../IkiWiki.pm:103
msgid "Must specify url to wiki with --url when using --cgi" msgid "Must specify url to wiki with --url when using --cgi"
msgstr "" msgstr ""
#: ../IkiWiki.pm:149 ../IkiWiki.pm:150 #: ../IkiWiki.pm:150 ../IkiWiki.pm:151
msgid "Error" msgid "Error"
msgstr "" msgstr ""
@ -532,7 +532,7 @@ msgstr ""
#. translators: preprocessor directive name, #. translators: preprocessor directive name,
#. translators: the second a page name, the #. translators: the second a page name, the
#. translators: third a number. #. translators: third a number.
#: ../IkiWiki.pm:567 #: ../IkiWiki.pm:573
#, perl-format #, perl-format
msgid "%s preprocessing loop detected on %s at depth %i" msgid "%s preprocessing loop detected on %s at depth %i"
msgstr "" msgstr ""