X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/06b28dddecce8d27c0b556c883b8721aee1d3dc9..a3672af973563dc13b4da56e3d8c58064b67edd7:/IkiWiki.pm

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 466907c9d..c06751dd3 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1201,7 +1201,7 @@ sub userpage ($) {
 sub openiduser ($) {
 	my $user=shift;
 
-	if ($user =~ m!^https?://! &&
+	if (defined $user && $user =~ m!^https?://! &&
 	    eval q{use Net::OpenID::VerifiedIdentity; 1} && !$@) {
 		my $display;
 
@@ -1519,6 +1519,69 @@ sub check_content (@) {
 	return defined $ok ? $ok : 1;
 }
 
+sub check_canchange (@) {
+	my %params = @_;
+	my $cgi = $params{cgi};
+	my $session = $params{session};
+	my @changes = @{$params{changes}};
+
+	my %newfiles;
+	foreach my $change (@changes) {
+		# This untaint is safe because we check file_pruned and
+		# wiki_file_regexp.
+		my ($file)=$change->{file}=~/$config{wiki_file_regexp}/;
+		$file=possibly_foolish_untaint($file);
+		if (! defined $file || ! length $file ||
+		    file_pruned($file)) {
+			error(gettext("bad file name %s"), $file);
+		}
+
+		my $type=pagetype($file);
+		my $page=pagename($file) if defined $type;
+
+		if ($change->{action} eq 'add') {
+			$newfiles{$file}=1;
+		}
+
+		if ($change->{action} eq 'change' ||
+		    $change->{action} eq 'add') {
+			if (defined $page) {
+				check_canedit($page, $cgi, $session);
+				next;
+			}
+			else {
+				if (IkiWiki::Plugin::attachment->can("check_canattach")) {
+					IkiWiki::Plugin::attachment::check_canattach($session, $file, $change->{path});
+					check_canedit($file, $cgi, $session);
+					next;
+				}
+			}
+		}
+		elsif ($change->{action} eq 'remove') {
+			# check_canremove tests to see if the file is present
+			# on disk. This will fail when a single commit adds a
+			# file and then removes it again. Avoid the problem
+			# by not testing the removal in such pairs of changes.
+			# (The add is still tested, just to make sure that
+			# no data is added to the repo that a web edit
+			# could not add.)
+			next if $newfiles{$file};
+
+			if (IkiWiki::Plugin::remove->can("check_canremove")) {
+				IkiWiki::Plugin::remove::check_canremove(defined $page ? $page : $file, $cgi, $session);
+				check_canedit(defined $page ? $page : $file, $cgi, $session);
+				next;
+			}
+		}
+		else {
+			error "unknown action ".$change->{action};
+		}
+
+		error sprintf(gettext("you are not allowed to change %s"), $file);
+	}
+}
+
+
 my $wikilock;
 
 sub lockwiki () {
@@ -1941,18 +2004,6 @@ sub rcs_receive () {
 	$hooks{rcs}{rcs_receive}{call}->();
 }
 
-sub rcs_preprevert (@) {
-	$hooks{rcs}{rcs_preprevert}{call}->(@_);
-}
-
-sub rcs_revert (@) {
-	$hooks{rcs}{rcs_revert}{call}->(@_);
-}
-
-sub rcs_showpatch (@) {
-	$hooks{rcs}{rcs_showpatch}{call}->(@_);
-}
-
 sub add_depends ($$;$) {
 	my $page=shift;
 	my $pagespec=shift;
@@ -2337,7 +2388,7 @@ sub glob2re ($) {
 	my $re=quotemeta(shift);
 	$re=~s/\\\*/.*/g;
 	$re=~s/\\\?/./g;
-	return $re;
+	return qr/^$re$/i;
 }
 
 package IkiWiki::FailReason;
@@ -2431,6 +2482,8 @@ sub derel ($$) {
 	return $path;
 }
 
+my %glob_cache;
+
 sub match_glob ($$;@) {
 	my $page=shift;
 	my $glob=shift;
@@ -2438,8 +2491,13 @@ sub match_glob ($$;@) {
 	
 	$glob=derel($glob, $params{location});
 
-	my $regexp=IkiWiki::glob2re($glob);
-	if ($page=~/^$regexp$/i) {
+	# Instead of converting the glob to a regex every time,
+	# cache the compiled regex to save time.
+	my $re=$glob_cache{$glob};
+	unless (defined $re) {
+		$glob_cache{$glob} = $re = IkiWiki::glob2re($glob);
+	}
+	if ($page =~ $re) {
 		if (! IkiWiki::isinternal($page) || $params{internal}) {
 			return IkiWiki::SuccessReason->new("$glob matches $page");
 		}
@@ -2557,7 +2615,12 @@ sub match_created_after ($$;@) {
 }
 
 sub match_creation_day ($$;@) {
-	if ((localtime($IkiWiki::pagectime{shift()}))[3] == shift) {
+	my $page=shift;
+	my $d=shift;
+	if ($d !~ /^\d+$/) {
+		return IkiWiki::ErrorReason->new("invalid day $d");
+	}
+	if ((localtime($IkiWiki::pagectime{$page}))[3] == $d) {
 		return IkiWiki::SuccessReason->new('creation_day matched');
 	}
 	else {
@@ -2566,7 +2629,12 @@ sub match_creation_day ($$;@) {
 }
 
 sub match_creation_month ($$;@) {
-	if ((localtime($IkiWiki::pagectime{shift()}))[4] + 1 == shift) {
+	my $page=shift;
+	my $m=shift;
+	if ($m !~ /^\d+$/) {
+		return IkiWiki::ErrorReason->new("invalid month $m");
+	}
+	if ((localtime($IkiWiki::pagectime{$page}))[4] + 1 == $m) {
 		return IkiWiki::SuccessReason->new('creation_month matched');
 	}
 	else {
@@ -2575,7 +2643,12 @@ sub match_creation_month ($$;@) {
 }
 
 sub match_creation_year ($$;@) {
-	if ((localtime($IkiWiki::pagectime{shift()}))[5] + 1900 == shift) {
+	my $page=shift;
+	my $y=shift;
+	if ($y !~ /^\d+$/) {
+		return IkiWiki::ErrorReason->new("invalid year $y");
+	}
+	if ((localtime($IkiWiki::pagectime{$page}))[5] + 1900 == $y) {
 		return IkiWiki::SuccessReason->new('creation_year matched');
 	}
 	else {
@@ -2594,7 +2667,7 @@ sub match_user ($$;@) {
 		return IkiWiki::ErrorReason->new("no user specified");
 	}
 
-	if (defined $params{user} && $params{user}=~/^$regexp$/i) {
+	if (defined $params{user} && $params{user}=~$regexp) {
 		return IkiWiki::SuccessReason->new("user is $user");
 	}
 	elsif (! defined $params{user}) {