]> sipb.mit.edu Git - ikiwiki.git/blobdiff - IkiWiki/CGI.pm
sipb-www / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CGI: pad error responses with 512 bytes of spaces so IE will display them
[ikiwiki.git] / IkiWiki / CGI.pm
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 81cb42d1309fd537ef7a7e7da799ca95ff7a50ee..8734cdd494ece0d4f1a2229d0bed37542519495e 100644 (file)
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -203,25 +203,9 @@ sub cgi_prefs ($$) {
        
        my $user_name=$session->param("name");
 
        
        my $user_name=$session->param("name");
 
-       # XXX deprecated, should be removed eventually
-       $form->field(name => "banned_users", size => 50, fieldset => "admin");
-       if (! is_admin($user_name)) {
-               $form->field(name => "banned_users", type => "hidden");
-       }
        if (! $form->submitted) {
                $form->field(name => "email", force => 1,
                        value => userinfo_get($user_name, "email"));
        if (! $form->submitted) {
                $form->field(name => "email", force => 1,
                        value => userinfo_get($user_name, "email"));
-               if (is_admin($user_name)) {
-                       my $value=join(" ", get_banned_users());
-                       if (length $value) {
-                               $form->field(name => "banned_users", force => 1,
-                                       value => join(" ", get_banned_users()),
-                                       comment => "deprecated; please move to banned_users in setup file");
-                       }
-                       else {
-                               $form->field(name => "banned_users", type => "hidden");
-                       }
-               }
        }
        
        if ($form->submitted eq 'Logout') {
        }
        
        if ($form->submitted eq 'Logout') {
@@ -239,17 +223,6 @@ sub cgi_prefs ($$) {
                                error("failed to set email");
                }
 
                                error("failed to set email");
                }
 
-               # XXX deprecated, should be removed eventually
-               if (is_admin($user_name)) {
-                       set_banned_users(grep { ! is_admin($_) }
-                                       split(' ',
-                                               $form->field("banned_users"))) ||
-                               error("failed saving changes");
-                       if (! length $form->field("banned_users")) {
-                               $form->field(name => "banned_users", type => "hidden");
-                       }
-               }
-
                $form->text(gettext("Preferences saved."));
        }
        
                $form->text(gettext("Preferences saved."));
        }
        
@@ -262,13 +235,13 @@ sub check_banned ($$) {
 
        my $name=$session->param("name");
        if (defined $name) {
 
        my $name=$session->param("name");
        if (defined $name) {
-               # XXX banned in userinfo is deprecated, should be removed
-               # eventually, and only banned_users be checked.
-               if (userinfo_get($session->param("name"), "banned") ||
-                   grep { $name eq $_ } @{$config{banned_users}}) {
+               if (grep { $name eq $_ } @{$config{banned_users}}) {
                        print $q->header(-status => "403 Forbidden");
                        $session->delete();
                        print gettext("You are banned.");
                        print $q->header(-status => "403 Forbidden");
                        $session->delete();
                        print gettext("You are banned.");
+                       # Internet Explorer won't show custom 404 responses
+                       # unless they're >= 512 bytes
+                       print " " x 512;
                        cgi_savesession($session);
                        exit;
                }
                        cgi_savesession($session);
                        exit;
                }
@@ -321,6 +294,90 @@ sub cgi_savesession ($) {
        umask($oldmask);
 }
 
        umask($oldmask);
 }
 
+# cgi_goto(CGI, [page])
+# Redirect to a specified page, or display "not found". If not specified,
+# the page param from the CGI object is used.
+sub cgi_goto ($;$) {
+       my $q = shift;
+       my $page = shift;
+
+       if (!defined $page) {
+               $page = decode_utf8($q->param("page"));
+
+               if (!defined $page) {
+                       error("missing page parameter");
+               }
+       }
+
+       loadindex();
+
+       # If the page is internal (like a comment), see if it has a
+       # permalink. Comments do.
+       if (isinternal($page) &&
+           defined $pagestate{$page}{meta}{permalink}) {
+               redirect($q, $pagestate{$page}{meta}{permalink});
+       }
+
+       my $link = bestlink("", $page);
+
+       if (! length $link) {
+               print $q->header(-status => "404 Not Found");
+               print misctemplate(gettext("missing page"),
+                       "<p>".
+                       sprintf(gettext("The page %s does not exist."),
+                               htmllink("", "", $page)).
+                       "</p>".
+                       # Internet Explorer won't show custom 404 responses
+                       # unless they're >= 512 bytes
+                       (" " x 512));
+       }
+       else {
+               redirect($q, urlto($link, undef, 1));
+       }
+
+       exit;
+}
+
+sub cgi_page_from_404 ($$$) {
+       my $path = shift;
+       my $baseurl = shift;
+       my $usedirs = shift;
+
+       # fail if missing from environment or whatever
+       return undef unless defined $path;
+       return undef unless defined $baseurl;
+
+       # with usedirs on, path is like /~fred/foo/bar/ or /~fred/foo/bar or
+       #    /~fred/foo/bar/index.html
+       # with usedirs off, path is like /~fred/foo/bar.html
+       # baseurl is like 'http://people.example.com/~fred'
+
+       # convert baseurl to ~fred
+       unless ($baseurl =~ s{^https?://[^/]+/?}{}) {
+               return undef;
+       }
+
+       # convert path to /~fred/foo/bar
+       if ($usedirs) {
+               $path =~ s/\/*(?:index\.$config{htmlext})?$//;
+       }
+       else {
+               $path =~ s/\.$config{htmlext}$//;
+       }
+
+       # remove /~fred/
+       unless ($path =~ s{^/*\Q$baseurl\E/*}{}) {
+               return undef;
+       }
+
+       # special case for the index
+       unless ($path) {
+               return 'index';
+       }
+
+       return $path;
+}
+
 sub cgi (;$$) {
        my $q=shift;
        my $session=shift;
 sub cgi (;$$) {
        my $q=shift;
        my $session=shift;
@@ -347,7 +404,21 @@ sub cgi (;$$) {
                        error("\"do\" parameter missing");
                }
        }
                        error("\"do\" parameter missing");
                }
        }
-       
+
+       # goto is the preferred name for this; recentchanges_link and
+       # commenter are for compatibility with any saved URLs
+       if ($do eq 'goto' || $do eq 'recentchanges_link' ||
+           $do eq 'commenter') {
+               my $page = undef;
+
+               if ($ENV{REDIRECT_STATUS} eq '404') {
+                       $page = cgi_page_from_404($ENV{REDIRECT_URL},
+                               $config{url}, $config{usedirs});
+               }
+
+               cgi_goto($q, $page);
+       }
+
        # Need to lock the wiki before getting a session.
        lockwiki();
        loadindex();
        # Need to lock the wiki before getting a session.
        lockwiki();
        loadindex();
wiki compiler