X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/c4be16703fa571e8922b43446b24cf1c4f90a371..c154fa5d6cd1620be7b139b08040740a1bdfafbc:/IkiWiki/Plugin/editpage.pm

diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index 8ab02cabc..c206d96a4 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -6,19 +6,19 @@ use strict;
 use IkiWiki;
 use open qw{:utf8 :std};
 
-sub import { #{{{
+sub import {
 	hook(type => "getsetup", id => "editpage", call => \&getsetup);
 	hook(type => "refresh", id => "editpage", call => \&refresh);
         hook(type => "sessioncgi", id => "editpage", call => \&IkiWiki::cgi_editpage);
-} # }}}
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
 	return
 		plugin => {
 			safe => 1,
 			rebuild => 1,
 		},
-} #}}}
+}
 
 sub refresh () {
 	if (exists $wikistate{editpage} && exists $wikistate{editpage}{previews}) {
@@ -54,7 +54,7 @@ sub refresh () {
 # and other plugins use the functions below.
 package IkiWiki;
 
-sub check_canedit ($$$;$) { #{{{
+sub check_canedit ($$$;$) {
 	my $page=shift;
 	my $q=shift;
 	my $session=shift;
@@ -78,10 +78,47 @@ sub check_canedit ($$$;$) { #{{{
 			}
 		}
 	});
-	return $canedit;
-} #}}}
+	return defined $canedit ? $canedit : 1;
+}
+
+sub check_content (@) {
+	my %params=@_;
+	
+	return 1 if ! exists $hooks{checkcontent}; # optimisation
+
+	if (exists $pagesources{$params{page}}) {
+		my @diff;
+		my %old=map { $_ => 1 }
+		        split("\n", readfile(srcfile($pagesources{$params{page}})));
+		foreach my $line (split("\n", $params{content})) {
+			push @diff, $line if ! exists $old{$_};
+		}
+		$params{content}=join("\n", @diff);
+	}
+
+	my $ok;
+	run_hooks(checkcontent => sub {
+		return if defined $ok;
+		my $ret=shift->(%params);
+		if (defined $ret) {
+			if ($ret eq "") {
+				$ok=1;
+			}
+			elsif (ref $ret eq 'CODE') {
+				$ret->() unless $params{nonfatal};
+				$ok=0;
+			}
+			elsif (defined $ret) {
+				error($ret) unless $params{nonfatal};
+				$ok=0;
+			}
+		}
+
+	});
+	return defined $ok ? $ok : 1;
+}
 
-sub cgi_editpage ($$) { #{{{
+sub cgi_editpage ($$) {
 	my $q=shift;
 	my $session=shift;
 	
@@ -105,7 +142,6 @@ sub cgi_editpage ($$) { #{{{
 		header => 0,
 		table => 0,
 		template => scalar template_params("editpage.tmpl"),
-		wikiname => $config{wikiname},
 	);
 	
 	decode_form_utf8($form);
@@ -122,7 +158,7 @@ sub cgi_editpage ($$) { #{{{
 	my $absolute=($page =~ s#^/+##);
 	if (! defined $page || ! length $page ||
 	    file_pruned($page, $config{srcdir})) {
-		error("bad page name");
+		error(gettext("bad page name"));
 	}
 
 	my $baseurl = urlto($page, undef, 1);
@@ -156,7 +192,7 @@ sub cgi_editpage ($$) { #{{{
 			$type=pagetype($pagesources{$from});
 		}
 		$type=$config{default_pageext} unless defined $type;
-		$file=$page.".".$type;
+		$file=newpagefile($page, $type);
 		if (! $form->submitted) {
 			$form->field(name => "rcsinfo", value => "", force => 1);
 		}
@@ -230,8 +266,8 @@ sub cgi_editpage ($$) { #{{{
 		# Previewing may have created files on disk.
 		# Keep a list of these to be deleted later.
 		my %previews = map { $_ => 1 } @{$wikistate{editpage}{previews}};
-		foreach my $file (@{$renderedfiles{$page}}) {
-			$previews{$file}=1 unless $wasrendered{$file};
+		foreach my $f (@{$renderedfiles{$page}}) {
+			$previews{$f}=1 unless $wasrendered{$f};
 		}
 		@{$wikistate{editpage}{previews}} = keys %previews;
 		$renderedfiles{$page}=[keys %wasrendered];
@@ -250,7 +286,7 @@ sub cgi_editpage ($$) { #{{{
 			    file_pruned($from, $config{srcdir}) ||
 			    $from=~/^\// || 
 			    $absolute ||
-			    $form->submitted eq "Preview") {
+			    $form->submitted) {
 				@page_locs=$best_loc=$page;
 			}
 			else {
@@ -340,16 +376,7 @@ sub cgi_editpage ($$) { #{{{
 	else {
 		# save page
 		check_canedit($page, $q, $session);
-	
-		# The session id is stored on the form and checked to
-		# guard against CSRF. But only if the user is logged in,
-		# as anonok can allow anonymous edits.
-		if (defined $session->param("name")) {
-			my $sid=$q->param('sid');
-			if (! defined $sid || $sid ne $session->id) {
-				error(gettext("Your login session has expired."));
-			}
-		}
+		checksessionexpiry($q, $session, $q->param('sid'));
 
 		my $exists=-e "$config{srcdir}/$file";
 
@@ -378,8 +405,17 @@ sub cgi_editpage ($$) { #{{{
 			showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
 			exit;
 		}
+			
+		my $message="";
+		if (defined $form->field('comments') &&
+		    length $form->field('comments')) {
+			$message=$form->field('comments');
+		}
 		
 		my $content=$form->field('editcontent');
+		check_content(content => $content, page => $page,
+			cgi => $q, session => $session,
+			subject => $message);
 		run_hooks(editcontent => sub {
 			$content=shift->(
 				content => $content,
@@ -413,12 +449,6 @@ sub cgi_editpage ($$) { #{{{
 		
 		my $conflict;
 		if ($config{rcs}) {
-			my $message="";
-			if (defined $form->field('comments') &&
-			    length $form->field('comments')) {
-				$message=$form->field('comments');
-			}
-			
 			if (! $exists) {
 				rcs_add($file);
 			}
@@ -462,6 +492,6 @@ sub cgi_editpage ($$) { #{{{
 	}
 
 	exit;
-} #}}}
+}
 
 1