web commit by WillThompson: Safety of arbitrary regexen

[ikiwiki.git] / IkiWiki / CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 67bce67952c044d00007471b459bf7ab2fd7cd8a..fa2287e82d4e20033076d259996f6097ae96575c 100644 (file)
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -39,6 +39,7 @@ sub cgi_recentchanges ($) { #{{{
                wikiname => $config{wikiname},
                changelog => [rcs_recentchanges(100)],
                styleurl => styleurl(),
+               baseurl => "$config{url}/",
        );
        print $q->header, $template->output;
 } #}}}
@@ -62,7 +63,8 @@ sub cgi_signin ($$) { #{{{
                required => 'NONE',
                javascript => 0,
                params => $q,
-               action => $q->request_uri,
+               # Why was this added?
+               #action => $q->request_uri,
                header => 0,
                template => (-e "$config{templatedir}/signin.tmpl" ?
                              "$config{templatedir}/signin.tmpl" : ""),
@@ -308,10 +310,12 @@ sub cgi_editpage ($$) { #{{{
        $page=lc($page);
        
        my $file=$page.$config{default_pageext};
-       my $newfile=1;
        if (exists $pagesources{lc($page)}) {
                $file=$pagesources{lc($page)};
-               $newfile=0;
+       }
+       my $newfile=0;
+       if (! -e "$config{srcdir}/$file") {
+               $newfile=1;
        }
 
        $form->field(name => "do", type => 'hidden');
@@ -327,6 +331,7 @@ sub cgi_editpage ($$) { #{{{
        $form->tmpl_param("helponformattinglink",
                htmllink("", "HelpOnFormatting", 1));
        $form->tmpl_param("styleurl", styleurl());
+       $form->tmpl_param("baseurl", "$config{url}/");
        if (! $form->submitted) {
                $form->field(name => "rcsinfo", value => rcs_prepedit($file),
                        force => 1);
@@ -403,7 +408,7 @@ sub cgi_editpage ($$) { #{{{
                            ! length $form->field('content')) {
                                my $content="";
                                if (exists $pagesources{lc($page)}) {
-                                       $content=readfile("$config{srcdir}/$pagesources{lc($page)}");
+                                       $content=readfile(srcfile($pagesources{lc($page)}));
                                        $content=~s/\n/\r\n/g;
                                }
                                $form->field(name => "content", value => $content,
@@ -423,7 +428,7 @@ sub cgi_editpage ($$) { #{{{
                my $content=$form->field('content');
                $content=~s/\r\n/\n/g;
                $content=~s/\r/\n/g;
-               writefile("$config{srcdir}/$file", $content);
+               writefile($file, $config{srcdir}, $content);
                
                my $message="web commit ";
                if (length $session->param("name")) {
@@ -473,6 +478,12 @@ sub cgi_editpage ($$) { #{{{
        }
 } #}}}
 
+sub cgi_hyperestraier () { #{{{
+       # only works for GET requests
+       chdir("$config{wikistatedir}/hyperestraier") || error("chdir: $!");
+       exec("./".basename($config{cgiurl})) || error("estseek.cgi failed");
+} #}}}
+
 sub cgi () { #{{{
        eval q{use CGI};
        eval q{use CGI::Session};
@@ -481,7 +492,12 @@ sub cgi () { #{{{
        
        my $do=$q->param('do');
        if (! defined $do || ! length $do) {
-               error("\"do\" parameter missing");
+               if (defined $q->param('phrase')) {
+                       cgi_hyperestraier();
+               }
+               else {
+                       error("\"do\" parameter missing");
+               }
        }
        
        # Things that do not need a session.
@@ -489,11 +505,14 @@ sub cgi () { #{{{
                cgi_recentchanges($q);
                return;
        }
+       elsif ($do eq 'hyperestraier') {
+               cgi_hyperestraier();
+       }
        
        CGI::Session->name("ikiwiki_session_$config{wikiname}");
        
        my $oldmask=umask(077);
-       my $session = CGI::Session->new("driver:db_file", $q,
+       my $session = CGI::Session->new("driver:DB_File", $q,
                { FileName => "$config{wikistatedir}/sessions.db" });
        umask($oldmask);