smcvpostcomment: always allow wikilinks, and do access control

[ikiwiki.git] / IkiWiki / Plugin / smcvpostcomment.pm

diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm
index 1255cfde1dcbf32cfda38090a5029e847ff9f6ea..43b1d3e6fbe8e927ac6bb0f642af59e094bdd5cb 100644 (file)
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -8,6 +8,7 @@ package IkiWiki::Plugin::smcvpostcomment;
 use warnings;
 use strict;
 use IkiWiki 2.00;
+use IkiWiki::Plugin::inline;
 use IkiWiki::Plugin::mdwn;
 use CGI 'escapeHTML';
 
@@ -112,7 +113,6 @@ sub sessioncgi ($$) { #{{{
        return unless $do eq PLUGIN;
 
        # These are theoretically configurable, but currently hard-coded
-       my $allow_wikilinks = 0;
        my $allow_directives = 0;
        my $commit_comments = 1;
 
@@ -148,7 +148,7 @@ sub sessioncgi ($$) { #{{{
        $form->field(name => 'sid', type => 'hidden', value => $session->id,
                force => 1);
        $form->field(name => 'page', type => 'hidden');
-       $form->field(name => 'subject', type => 'text', size => 80);
+       $form->field(name => 'subject', type => 'text', size => 72);
        $form->field(name => 'body', type => 'textarea', rows => 5,
                cols => 80);
 
@@ -186,15 +186,24 @@ sub sessioncgi ($$) { #{{{
                exit;
        }
 
+       IkiWiki::check_canedit($page . "[" . PLUGIN . "]", $cgi, $session);
+
        my ($authorurl, $author) = linkuser(getcgiuser($session));
 
-       my $body = $form->field('body');
+       my $body = $form->field('body') || '';
        $body =~ s/\r\n/\n/g;
        $body =~ s/\r/\n/g;
-       $body .= "\n" if $body !~ /\n$/;
+       $body = "\n" if $body !~ /\n$/;
+
+       unless ($allow_directives) {
+               # don't allow new-style directives at all
+               $body =~ s/(^|[^\\])\[\[!/$1\\[[!/g;
 
-       $body =~ s/\[\[([^!])/[[$1/g unless $allow_wikilinks;
-       $body =~ s/\[\[!/[[!/g unless $allow_directives;
+               # don't allow [[ unless it begins an old-style
+               # wikilink, if prefix_directives is off
+               $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1\\[[!/g
+                       unless $config{prefix_directives};
+       }
 
        # In this template, the [[!meta]] directives should stay at the end,
        # so that they will override anything the user specifies. (For
@@ -214,6 +223,8 @@ sub sessioncgi ($$) { #{{{
        # - this means that if they do, rocks fall and everyone dies
 
        if ($form->submitted eq PREVIEW) {
+               # $fake is a location that has the same number of slashes
+               # as the eventual location of this comment.
                my $fake = "$page/_" . PLUGIN . "hypothetical";
                my $preview = IkiWiki::htmlize($fake, $page, 'mdwn',
                                IkiWiki::linkify($page, $page,
@@ -253,7 +264,7 @@ sub sessioncgi ($$) { #{{{
                my $file;
                do {
                        $i++;
-                       $file = "$page/comment_${i}._" . PLUGIN;
+                       $file = "$page/_comment_${i}._" . PLUGIN;
                } while (-e "$config{srcdir}/$file");
 
                # FIXME: could probably do some sort of graceful retry
@@ -287,7 +298,7 @@ sub sessioncgi ($$) { #{{{
                error($conflict) if defined $conflict;
 
                # Bounce back to where we were, but defeat broken caches
-               my $anticache = "?updated=$page/comment_$i";
+               my $anticache = "?updated=$page/_comment_$i";
                IkiWiki::redirect($cgi, urlto($page, undef, 1).$anticache);
        }
        else {
@@ -298,4 +309,16 @@ sub sessioncgi ($$) { #{{{
        exit;
 } #}}}
 
+package IkiWiki::PageSpec;
+
+sub match_smcvpostcomment ($$;@) {
+       my $page = shift;
+       my $glob = shift;
+
+       unless ($page =~ s/\[smcvpostcomment\]$//) {
+               return IkiWiki::FailReason->new("not posting a comment");
+       }
+       return match_glob($page, $glob);
+}
+
 1