X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/18b1c7f01256ec7761263fb699aa51ae9d92bc0b..a63929f6cc7778ffc4ba57d784cdf2206ec650c7:/IkiWiki/Plugin/editpage.pm

diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index 794548c6d..44fe5514a 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -6,19 +6,20 @@ use strict;
 use IkiWiki;
 use open qw{:utf8 :std};
 
-sub import { #{{{
+sub import {
 	hook(type => "getsetup", id => "editpage", call => \&getsetup);
 	hook(type => "refresh", id => "editpage", call => \&refresh);
         hook(type => "sessioncgi", id => "editpage", call => \&IkiWiki::cgi_editpage);
-} # }}}
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
 	return
 		plugin => {
 			safe => 1,
 			rebuild => 1,
+			section => "core",
 		},
-} #}}}
+}
 
 sub refresh () {
 	if (exists $wikistate{editpage} && exists $wikistate{editpage}{previews}) {
@@ -51,37 +52,10 @@ sub refresh () {
 
 # Back to ikiwiki namespace for the rest, this code is very much
 # internal to ikiwiki even though it's separated into a plugin,
-# and other plugins use the functions below.
+# and other plugins use the function below.
 package IkiWiki;
 
-sub check_canedit ($$$;$) { #{{{
-	my $page=shift;
-	my $q=shift;
-	my $session=shift;
-	my $nonfatal=shift;
-	
-	my $canedit;
-	run_hooks(canedit => sub {
-		return if defined $canedit;
-		my $ret=shift->($page, $q, $session);
-		if (defined $ret) {
-			if ($ret eq "") {
-				$canedit=1;
-			}
-			elsif (ref $ret eq 'CODE') {
-				$ret->() unless $nonfatal;
-				$canedit=0;
-			}
-			elsif (defined $ret) {
-				error($ret) unless $nonfatal;
-				$canedit=0;
-			}
-		}
-	});
-	return $canedit;
-} #}}}
-
-sub cgi_editpage ($$) { #{{{
+sub cgi_editpage ($$) {
 	my $q=shift;
 	my $session=shift;
 	
@@ -105,7 +79,6 @@ sub cgi_editpage ($$) { #{{{
 		header => 0,
 		table => 0,
 		template => scalar template_params("editpage.tmpl"),
-		wikiname => $config{wikiname},
 	);
 	
 	decode_form_utf8($form);
@@ -122,7 +95,7 @@ sub cgi_editpage ($$) { #{{{
 	my $absolute=($page =~ s#^/+##);
 	if (! defined $page || ! length $page ||
 	    file_pruned($page, $config{srcdir})) {
-		error("bad page name");
+		error(gettext("bad page name"));
 	}
 
 	my $baseurl = urlto($page, undef, 1);
@@ -250,15 +223,16 @@ sub cgi_editpage ($$) { #{{{
 			    file_pruned($from, $config{srcdir}) ||
 			    $from=~/^\// || 
 			    $absolute ||
-			    $form->submitted eq "Preview") {
+			    $form->submitted) {
 				@page_locs=$best_loc=$page;
 			}
 			else {
 				my $dir=$from."/";
 				$dir=~s![^/]+/+$!!;
 				
-				if ((defined $form->field('subpage') && length $form->field('subpage')) ||
-				    $page eq gettext('discussion')) {
+				if ((defined $form->field('subpage') &&
+				     length $form->field('subpage')) ||
+				    $page eq lc($config{discussionpage})) {
 					$best_loc="$from/$page";
 				}
 				else {
@@ -272,8 +246,9 @@ sub cgi_editpage ($$) { #{{{
 					push @page_locs, $dir.$page;
 				}
 			
-				push @page_locs, "$config{userdir}/$page"
-					if length $config{userdir};
+				my $userpage=IkiWiki::userpage($page);
+				push @page_locs, $userpage
+					if ! grep { $_ eq $userpage } @page_locs;
 			}
 
 			@page_locs = grep {
@@ -298,15 +273,19 @@ sub cgi_editpage ($$) { #{{{
 				check_canedit($_, $q, $session, 1)
 			} @page_locs;
 			if (! @editable_locs) {
-				# let it throw an error this time
-				map { check_canedit($_, $q, $session) } @page_locs;
+				# now let it throw an error, or prompt for
+				# login
+				map { check_canedit($_, $q, $session) }
+					($best_loc, @page_locs);
 			}
 			
 			my @page_types;
 			if (exists $hooks{htmlize}) {
-				@page_types=grep { !/^_/ }
-					keys %{$hooks{htmlize}};
+				foreach my $key (grep { !/^_/ } keys %{$hooks{htmlize}}) {
+					push @page_types, [$key, $hooks{htmlize}{$key}{longname} || $key];
+				}
 			}
+			@page_types=sort @page_types;
 			
 			$form->tmpl_param("page_select", 1);
 			$form->field(name => "page", type => 'select',
@@ -340,16 +319,7 @@ sub cgi_editpage ($$) { #{{{
 	else {
 		# save page
 		check_canedit($page, $q, $session);
-	
-		# The session id is stored on the form and checked to
-		# guard against CSRF. But only if the user is logged in,
-		# as anonok can allow anonymous edits.
-		if (defined $session->param("name")) {
-			my $sid=$q->param('sid');
-			if (! defined $sid || $sid ne $session->id) {
-				error(gettext("Your login session has expired."));
-			}
-		}
+		checksessionexpiry($q, $session, $q->param('sid'));
 
 		my $exists=-e "$config{srcdir}/$file";
 
@@ -378,8 +348,17 @@ sub cgi_editpage ($$) { #{{{
 			showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
 			exit;
 		}
+			
+		my $message="";
+		if (defined $form->field('comments') &&
+		    length $form->field('comments')) {
+			$message=$form->field('comments');
+		}
 		
 		my $content=$form->field('editcontent');
+		check_content(content => $content, page => $page,
+			cgi => $q, session => $session,
+			subject => $message);
 		run_hooks(editcontent => sub {
 			$content=shift->(
 				content => $content,
@@ -413,12 +392,6 @@ sub cgi_editpage ($$) { #{{{
 		
 		my $conflict;
 		if ($config{rcs}) {
-			my $message="";
-			if (defined $form->field('comments') &&
-			    length $form->field('comments')) {
-				$message=$form->field('comments');
-			}
-			
 			if (! $exists) {
 				rcs_add($file);
 			}
@@ -462,6 +435,6 @@ sub cgi_editpage ($$) { #{{{
 	}
 
 	exit;
-} #}}}
+}
 
 1