IkiWiki/Receive.pm

   1 #!/usr/bin/perl
   2
   3 package IkiWiki::Receive;
   4
   5 use warnings;
   6 use strict;
   7 use IkiWiki;
   8
   9 sub getuser () { #{{{
  10         my $user=(getpwuid($<))[0];
  11         if (! defined $user) {
  12                 error("cannot determine username for $<");
  13         }
  14         return $user;
  15 } #}}}
  16
  17 sub trusted () { #{{{
  18         my $user=getuser();
  19         return ! ref $config{untrusted_committers} ||
  20                 ! grep { $_ eq $user } @{$config{untrusted_committers}};
  21 } #}}}
  22
  23 sub test () { #{{{
  24         exit 0 if trusted();
  25
  26         # Dummy up a cgi environment to use when calling check_canedit
  27         # and friends.
  28         eval q{use CGI};
  29         error($@) if $@;
  30         my $cgi=CGI->new;
  31         require IkiWiki::CGI;
  32         my $session=IkiWiki::cgi_getsession($cgi);
  33         $session->param("name", getuser());
  34         $ENV{REMOTE_ADDR}='unknown' unless exists $ENV{REMOTE_ADDR};
  35
  36         # Wiki is not locked because we lack permission to do so.
  37         # So, relying on atomic index file updates to avoid trouble.
  38         IkiWiki::loadindex();
  39
  40         my %newfiles;
  41
  42         foreach my $change (IkiWiki::rcs_receive()) {
  43                 # This untaint is safe because we check file_pruned and
  44                 # wiki_file_regexp.
  45                 my ($file)=$change->{file}=~/$config{wiki_file_regexp}/;
  46                 $file=IkiWiki::possibly_foolish_untaint($file);
  47                 if (! defined $file || ! length $file ||
  48                     IkiWiki::file_pruned($file, $config{srcdir})) {
  49                         error(gettext("bad file name %s"), $file);
  50                 }
  51
  52                 my $type=pagetype($file);
  53                 my $page=pagename($file) if defined $type;
  54
  55                 if ($change->{action} eq 'add') {
  56                         $newfiles{$file}=1;
  57                 }
  58
  59                 if ($change->{action} eq 'change' ||
  60                     $change->{action} eq 'add') {
  61                         if (defined $page) {
  62                                 if (IkiWiki->can("check_canedit")) {
  63                                         IkiWiki::check_canedit($page, $cgi, $session);
  64                                         next;
  65                                 }
  66                         }
  67                         else {
  68                                 if (IkiWiki::Plugin::attachment->can("check_canattach")) {
  69                                         IkiWiki::Plugin::attachment::check_canattach($session, $file, $change->{path});
  70                                         next;
  71                                 }
  72                         }
  73                 }
  74                 elsif ($change->{action} eq 'remove') {
  75                         # check_canremove tests to see if the file is present
  76                         # on disk. This will fail is a single commit adds a
  77                         # file and then removes it again. Avoid the problem
  78                         # by not testing the removal in such pairs of changes.
  79                         # (The add is still tested, just to make sure that
  80                         # no data is added to the repo that a web edit
  81                         # could add.)
  82                         next if $newfiles{$file};
  83
  84                         if (IkiWiki::Plugin::remove->can("check_canremove")) {
  85                                 IkiWiki::Plugin::remove::check_canremove(defined $page ? $page : $file, $cgi, $session);
  86                                 next;
  87                         }
  88                 }
  89                 else {
  90                         error "unknown action ".$change->{action};
  91                 }
  92
  93                 error sprintf(gettext("you are not allowed to change %s"), $file);
  94         }
  95
  96         exit 0;
  97 } #}}}
  98
  99 1