IkiWiki/Receive.pm

   1 #!/usr/bin/perl
   2
   3 package IkiWiki::Receive;
   4
   5 use warnings;
   6 use strict;
   7 use IkiWiki;
   8
   9 sub getuser () { #{{{
  10         my $user=(getpwuid($<))[0];
  11         if (! defined $user) {
  12                 error("cannot determine username for $<");
  13         }
  14         return $user;
  15 } #}}}
  16
  17 sub trusted () { #{{{
  18         my $user=getuser();
  19         return ! ref $config{untrusted_committers} ||
  20                 ! grep { $_ eq $user } @{$config{untrusted_committers}};
  21 } #}}}
  22
  23 sub test () { #{{{
  24         exit 0 if trusted();
  25         IkiWiki::rcs_test_receive();
  26
  27         # Dummy up a cgi environment to use when calling check_canedit
  28         # and friends.
  29         eval q{use CGI};
  30         error($@) if $@;
  31         my $cgi=CGI->new;
  32         require IkiWiki::CGI;
  33         my $session=IkiWiki::cgi_getsession($cgi);
  34         my $user=getuser();
  35         $session->param("name", $user);
  36         $ENV{REMOTE_ADDR}='unknown' unless exists $ENV{REMOTE_ADDR};
  37
  38         lockwiki();
  39         loadindex();
  40
  41         my %newfiles;
  42
  43         foreach my $change (IkiWiki::rcs_receive()) {
  44                 # This untaint is safe because we check file_pruned and
  45                 # wiki_file_regexp.
  46                 my $file=$change->{file}=~/$config{wiki_file_regexp}/;
  47                 $file=possibly_foolish_untaint($file);
  48                 if (! defined $file || ! length $file ||
  49                     IkiWiki::file_pruned($file, $config{srcdir})) {
  50                         error(gettext("bad file name"));
  51                 }
  52
  53                 my $type=pagetype($file);
  54                 my $page=pagename($file) if defined $type;
  55
  56                 if ($change->{action} eq 'add') {
  57                         $newfiles{$file}=1;
  58                 }
  59
  60                 if ($change->{action} eq 'change' ||
  61                     $change->{action} eq 'add') {
  62                         if (defined $page) {
  63                                 if (IkiWiki->can("check_canedit") &&
  64                                     IkiWiki::check_canedit($page, $cgi, $session)) {
  65                                         next;
  66                                 }
  67                         }
  68                         else {
  69                                 if (IkiWiki::Plugin::attachment->can("check_canattach") &&
  70                                     IkiWiki::Plugin::attachment::check_canattach($session, $file, $change->{path})) {
  71                                         next;
  72                                 }
  73                         }
  74                 }
  75                 elsif ($change->{action} eq 'remove') {
  76                         # check_canremove tests to see if the file is present
  77                         # on disk. This will fail is a single commit adds a
  78                         # file and then removes it again. Avoid the problem
  79                         # by not testing the removal in such pairs of changes.
  80                         # (The add is still tested, just to make sure that
  81                         # no data is added to the repo that a web edit
  82                         # could add.)
  83                         next if $newfiles{$file};
  84
  85                         if (IkiWiki::Plugin::remove->can("check_canremove") &&
  86                             IkiWiki::Plugin::remove::check_canremove(defined $page ? $page : $file, $cgi, $session)) {
  87                                 next;
  88                         }
  89                 }
  90                 else {
  91                         error "unknown action ".$change->{action};
  92                 }
  93
  94                 error sprintf(gettext("you are not allowed to change %s"), $file);
  95         }
  96
  97         exit 0;
  98 } #}}}
  99
 100 1