X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/d389b0e4a45ebd88705f3bb95bf2e19e10e6ca2a..829e0b1b65529975131f3095333963cce5b0eea4:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 14861e398..a41349be5 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -46,7 +46,7 @@ sub page_locked ($$;$) { #{{{
 		if (pagespec_match($page, userinfo_get($admin, "locked_pages"))) {
 			return 1 if $nonfatal;
 			error(htmllink("", "", $page, 1)." is locked by ".
-			      htmllink("", "", $admin, 1)." and cannot be edited.");
+			      userlink($admin)." and cannot be edited.");
 		}
 	}
 
@@ -77,22 +77,12 @@ sub cgi_recentchanges ($) { #{{{
 
 	eval q{use Time::Duration};
 	error($@) if $@;
-	eval q{use CGI 'escapeHTML'};
-	error($@) if $@;
 
 	my $changelog=[rcs_recentchanges(100)];
 	foreach my $change (@$changelog) {
 		$change->{when} = concise(ago($change->{when}));
 
-		if ($change->{user} =~ m!^https?://! &&
-		    eval q{use Net::OpenID::VerifiedIdentity; 1} && !$@) {
-			# Munge user-urls, as used by eg, OpenID.
-			my $oid=Net::OpenID::VerifiedIdentity->new(identity => $change->{user});
-			$change->{user} = "<a href=\"".$change->{user}."\">".escapeHTML($oid->display)."</a>";
-		}
-		else {
-			$change->{user} = htmllink("", "", escapeHTML($change->{user}), 1);
-		}
+		$change->{user} = userlink($change->{user});
 
 		my $is_excess = exists $change->{pages}[10]; # limit pages to first 10
 		delete @{$change->{pages}}[10 .. @{$change->{pages}}] if $is_excess;
@@ -127,16 +117,9 @@ sub cgi_signin ($$) { #{{{
 	error($@) if $@;
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do name password openid_url)],
 		header => 1,
 		charset => "utf-8",
 		method => 'POST',
-		validate => {
-			confirm_password => {
-				perl => q{eq $form->field("password")},
-			},
-			email => 'EMAIL',
-		},
 		required => 'NONE',
 		javascript => 0,
 		params => $q,
@@ -146,170 +129,32 @@ sub cgi_signin ($$) { #{{{
 			     {template_params("signin.tmpl")} : ""),
 		stylesheet => baseurl()."style.css",
 	);
-		
-	decode_form_utf8($form);
+	my $buttons=["Login"];
 	
-	$form->field(name => "name", required => 0, size => 30);
 	$form->field(name => "do", type => "hidden");
-	$form->field(name => "password", type => "password", required => 0);
-	if ($config{openid}) {
-		$form->field(name => "openid_url", label => "OpenID", size => 30,
-			comment => '('.
-				htmllink("", "", "OpenID", 1, 0, "What's this?")
-				.($config{openidsignup} ? " | <a href=\"$config{openidsignup}\">Get an OpenID</a>" : "")
-				.')');
-	}
-	else {
-		$form->field(name => "openid_url", type => "hidden");
-	}
-	if ($form->submitted eq "Register" || $form->submitted eq "Create Account") {
-		$form->title("register");
-		$form->text("");
-		$form->fields(qw(do name password confirm_password email));
-		$form->field(name => "confirm_password", type => "password");
-		$form->field(name => "email", type => "text");
-		$form->field(name => "openid_url", type => "hidden");
-	}
+	
 	if ($q->param("do") ne "signin" && !$form->submitted) {
 		$form->text("You need to log in first.");
 	}
 	
-	if ($form->submitted) {
-		my $submittype=$form->submitted;
-		# OpenID login uses the Login button, but validates
-		# differently.
-		if ($submittype eq "Login" && $config{openid} && 
-		    length $form->field("openid_url")) {
-			$submittype="OpenID";
-			
-			$form->field(
-				name => "openid_url",
-				validate => sub {
-					# FIXME: ugh
-					IkiWiki::Plugin::openid::validate($q, $session, shift, $form);
-				},
-			);
-		}
-
-		# Set required fields based on how form was submitted.
-		my %required=(
-			"Login" => [qw(name password)],
-			"Register" => [],
-			"Create Account" => [qw(name password confirm_password email)],
-			"Mail Password" => [qw(name)],
-			"OpenID" => [qw(openid_url)],
-		);
-		foreach my $opt (@{$required{$submittype}}) {
-			$form->field(name => $opt, required => 1);
-		}
+	run_hooks(formbuilder_setup => sub {
+		shift->(form => $form, cgi => $q, session => $session);
+	});
 	
-		# Validate password differently depending on how
-		# form was submitted.
-		if ($submittype eq 'Login') {
-			$form->field(
-				name => "password",
-				validate => sub {
-					length $form->field("name") &&
-					shift eq userinfo_get($form->field("name"), 'password');
-				},
-			);
-			$form->field(name => "name", validate => '/^\w+$/');
-		}
-		elsif ($submittype ne 'OpenID') {
-			$form->field(name => "password", validate => 'VALUE');
-		}
-		# And make sure the entered name exists when logging
-		# in or sending email, and does not when registering.
-		if ($submittype eq 'Create Account' ||
-		    $submittype eq 'Register') {
-			$form->field(
-				name => "name",
-				validate => sub {
-					my $name=shift;
-					length $name &&
-					$name=~/$config{wiki_file_regexp}/ &&
-					! userinfo_get($name, "regdate");
-				},
-			);
-		}
-		elsif ($submittype ne 'OpenID') {
-			$form->field(
-				name => "name",
-				validate => sub {
-					my $name=shift;
-					length $name &&
-					userinfo_get($name, "regdate");
-				},
-			);
-		}
-	}
-	else {
-		# First time settings.
-		$form->field(name => "name", comment => "use FirstnameLastName");
-		if ($session->param("name")) {
-			$form->field(name => "name", value => $session->param("name"));
-		}
-	}
+	decode_form_utf8($form);
 
-	if ($form->submitted && $form->validate) {
-		if ($form->submitted eq 'Login') {
-			$session->param("name", $form->field("name"));
-			cgi_postsignin($q, $session);
-		}
-		elsif ($form->submitted eq 'Create Account') {
-			my $user_name=$form->field('name');
-			if (userinfo_setall($user_name, {
-				           'email' => $form->field('email'),
-				           'password' => $form->field('password'),
-				           'regdate' => time
-				         })) {
-				$form->field(name => "confirm_password", type => "hidden");
-				$form->field(name => "email", type => "hidden");
-				$form->text("Account creation successful. Now you can Login.");
-				printheader($session);
-				print misctemplate($form->title, $form->render(submit => ["Login"]));
-			}
-			else {
-				error("Error creating account.");
-			}
-		}
-		elsif ($form->submitted eq 'Mail Password') {
-			my $user_name=$form->field("name");
-			my $template=template("passwordmail.tmpl");
-			$template->param(
-				user_name => $user_name,
-				user_password => userinfo_get($user_name, "password"),
-				wikiurl => $config{url},
-				wikiname => $config{wikiname},
-				REMOTE_ADDR => $ENV{REMOTE_ADDR},
-			);
-			
-			eval q{use Mail::Sendmail};
-			error($@) if $@;
-			sendmail(
-				To => userinfo_get($user_name, "email"),
-				From => "$config{wikiname} admin <$config{adminemail}>",
-				Subject => "$config{wikiname} information",
-				Message => $template->output,
-			) or error("Failed to send mail");
-			
-			$form->text("Your password has been emailed to you.");
-			$form->field(name => "name", required => 0);
-			printheader($session);
-			print misctemplate($form->title, $form->render(submit => ["Login", "Mail Password"]));
-		}
-		elsif ($form->submitted eq "Register") {
-			printheader($session);
-			print misctemplate($form->title, $form->render(submit => ["Create Account"]));
-		}
-	}
-	elsif ($form->submitted eq "Create Account") {
-		printheader($session);
-		print misctemplate($form->title, $form->render(submit => ["Create Account"]));
+	if (exists $hooks{formbuilder}) {
+		run_hooks(formbuilder => sub {
+			shift->(form => $form, cgi => $q, session => $session,
+				buttons => $buttons);
+		});
 	}
 	else {
+		if ($form->submitted) {
+			$form->validate;
+		}
 		printheader($session);
-		print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
+		print misctemplate($form->title, $form->render(submit => $buttons));
 	}
 } #}}}
 
@@ -323,6 +168,7 @@ sub cgi_postsignin ($$) { #{{{
 		my $postsignin=CGI->new($session->param("postsignin"));
 		$session->clear("postsignin");
 		cgi($postsignin, $session);
+		cgi_savesession($session);
 		exit;
 	}
 	else {
@@ -338,15 +184,10 @@ sub cgi_prefs ($$) { #{{{
 	error($@) if $@;
 	my $form = CGI::FormBuilder->new(
 		title => "preferences",
-		fields => [qw(do name password confirm_password email 
-		              subscriptions locked_pages)],
 		header => 0,
 		charset => "utf-8",
 		method => 'POST',
 		validate => {
-			confirm_password => {
-				perl => q{eq $form->field("password")},
-			},
 			email => 'EMAIL',
 		},
 		required => 'NONE',
@@ -357,30 +198,26 @@ sub cgi_prefs ($$) { #{{{
 			     {template_params("prefs.tmpl")} : ""),
 		stylesheet => baseurl()."style.css",
 	);
-	my @buttons=("Save Preferences", "Logout", "Cancel");
+	my $buttons=["Save Preferences", "Logout", "Cancel"];
+
+	run_hooks(formbuilder_setup => sub {
+		shift->(form => $form, cgi => $q, session => $session);
+	});
 	
-	my $user_name=$session->param("name");
 	$form->field(name => "do", type => "hidden");
-	$form->field(name => "name", disabled => 1,
-		value => $user_name, force => 1, size => 30);
-	$form->field(name => "password", type => "password");
-	$form->field(name => "confirm_password", type => "password");
+	$form->field(name => "email", size => 50);
 	$form->field(name => "subscriptions", size => 50,
 		comment => "(".htmllink("", "", "PageSpec", 1).")");
 	$form->field(name => "locked_pages", size => 50,
 		comment => "(".htmllink("", "", "PageSpec", 1).")");
 	$form->field(name => "banned_users", size => 50);
 	
+	my $user_name=$session->param("name");
 	if (! is_admin($user_name)) {
 		$form->field(name => "locked_pages", type => "hidden");
 		$form->field(name => "banned_users", type => "hidden");
 	}
 
-	if ($config{httpauth}) {
-		$form->field(name => "password", type => "hidden");
-		$form->field(name => "confirm_password", type => "hidden");
-	}
-	
 	if (! $form->submitted) {
 		$form->field(name => "email", force => 1,
 			value => userinfo_get($user_name, "email"));
@@ -406,8 +243,8 @@ sub cgi_prefs ($$) { #{{{
 		return;
 	}
 	elsif ($form->submitted eq "Save Preferences" && $form->validate) {
-		foreach my $field (qw(password email subscriptions locked_pages)) {
-			if (length $form->field($field)) {
+		foreach my $field (qw(email subscriptions locked_pages)) {
+			if (defined $form->field($field) && length $form->field($field)) {
 				userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
 			}
 		}
@@ -418,8 +255,16 @@ sub cgi_prefs ($$) { #{{{
 		$form->text("Preferences saved.");
 	}
 	
-	printheader($session);
-	print misctemplate($form->title, $form->render(submit => \@buttons));
+	if (exists $hooks{formbuilder}) {
+		run_hooks(formbuilder => sub {
+			shift->(form => $form, cgi => $q, session => $session,
+				buttons => $buttons);
+		});
+	}
+	else {
+		printheader($session);
+		print misctemplate($form->title, $form->render(submit => $buttons));
+	}
 } #}}}
 
 sub cgi_editpage ($$) { #{{{
@@ -429,15 +274,8 @@ sub cgi_editpage ($$) { #{{{
 	my @fields=qw(do rcsinfo subpage from page type editcontent comments);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	eval q{use CGI::FormBuilder; use CGI::FormBuilder::Template::HTML};
+	eval q{use CGI::FormBuilder};
 	error($@) if $@;
-	my $renderer=CGI::FormBuilder::Template::HTML->new(
-		fields => \@fields,
-		template_params("editpage.tmpl"),
-	);
-	run_hooks(pagetemplate => sub {
-		shift->(page => "", destpage => "", template => $renderer->engine);
-	});
 	my $form = CGI::FormBuilder->new(
 		fields => \@fields,
 		header => 1,
@@ -451,17 +289,21 @@ sub cgi_editpage ($$) { #{{{
 		params => $q,
 		action => $config{cgiurl},
 		table => 0,
-		template => $renderer,
+		template => (-e "$config{templatedir}/editpage.tmpl" ?
+				{template_params("editpage.tmpl")} : ""),
 	);
 	
+	run_hooks(formbuilder_setup => sub {
+		shift->(form => $form, cgi => $q, session => $session);
+	});
+	
 	decode_form_utf8($form);
 	
 	# This untaint is safe because titlepage removes any problematic
 	# characters.
 	my ($page)=$form->field('page');
 	$page=titlepage(possibly_foolish_untaint($page));
-	if (! defined $page || ! length $page ||
-	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
+	if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
 		error("bad page name");
 	}
 	
@@ -551,7 +393,7 @@ sub cgi_editpage ($$) { #{{{
 			my $best_loc;
 			if (! defined $from || ! length $from ||
 			    $from ne $form->field('from') ||
-			    $from=~/$config{wiki_file_prune_regexp}/ ||
+			    file_pruned($from, $config{srcdir}) ||
 			    $from=~/^\// ||
 			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
@@ -630,20 +472,13 @@ sub cgi_editpage ($$) { #{{{
 		$content=~s/\r/\n/g;
 		writefile($file, $config{srcdir}, $content);
 		
-		my $message="web commit ";
-		if (defined $session->param("name") && 
-		    length $session->param("name")) {
-			$message.="by ".$session->param("name");
-		}
-		else {
-			$message.="from $ENV{REMOTE_ADDR}";
-		}
-		if (defined $form->field('comments') &&
-		    length $form->field('comments')) {
-			$message.=": ".$form->field('comments');
-		}
-		
 		if ($config{rcs}) {
+			my $message="";
+			if (defined $form->field('comments') &&
+			    length $form->field('comments')) {
+				$message=$form->field('comments');
+			}
+			
 			if ($newfile) {
 				rcs_add($file);
 			}
@@ -652,7 +487,8 @@ sub cgi_editpage ($$) { #{{{
 			# presumably the commit will trigger an update
 			# of the wiki
 			my $conflict=rcs_commit($file, $message,
-				$form->field("rcsinfo"));
+				$form->field("rcsinfo"),
+				$session->param("name"), $ENV{REMOTE_ADDR});
 		
 			if (defined $conflict) {
 				$form->field(name => "rcsinfo", value => rcs_prepedit($file),
@@ -681,12 +517,35 @@ sub cgi_editpage ($$) { #{{{
 	}
 } #}}}
 
+sub cgi_getsession ($) { #{{{
+	my $q=shift;
+
+	eval q{use CGI::Session};
+	CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
+	
+	my $oldmask=umask(077);
+	my $session = CGI::Session->new("driver:DB_File", $q,
+		{ FileName => "$config{wikistatedir}/sessions.db" });
+	umask($oldmask);
+
+	return $session;
+} #}}}
+
+sub cgi_savesession ($) { #{{{
+	my $session=shift;
+
+	# Force session flush with safe umask.
+	my $oldmask=umask(077);
+	$session->flush;
+	umask($oldmask);
+}
+
 sub cgi (;$$) { #{{{
 	my $q=shift;
 	my $session=shift;
 
 	if (! $q) {
-		eval q{use CGI; use CGI::Session};
+		eval q{use CGI};
 		error($@) if $@;
 	
 		$q=CGI->new;
@@ -718,12 +577,7 @@ sub cgi (;$$) { #{{{
 	lockwiki();
 	
 	if (! $session) {
-		CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
-	
-		my $oldmask=umask(077);
-		$session = CGI::Session->new("driver:DB_File", $q,
-			{ FileName => "$config{wikistatedir}/sessions.db" });
-		umask($oldmask);
+		$session=cgi_getsession($q);
 	}
 	
 	# Auth hooks can sign a user in.
@@ -753,12 +607,7 @@ sub cgi (;$$) { #{{{
 			$session->param(postsignin => $ENV{QUERY_STRING});
 		}
 		cgi_signin($q, $session);
-	
-		# Force session flush with safe umask.
-		my $oldmask=umask(077);
-		$session->flush;
-		umask($oldmask);
-		
+		cgi_savesession($session);
 		return;
 	}
 	elsif (defined $session->param("postsignin")) {
@@ -769,6 +618,7 @@ sub cgi (;$$) { #{{{
 		print $q->header(-status => "403 Forbidden");
 		$session->delete();
 		print "You are banned.";
+		cgi_savesession($session);
 		exit;
 	}
 	
@@ -797,4 +647,28 @@ sub cgi (;$$) { #{{{
 	}
 } #}}}
 
+sub userlink ($) { #{{{
+	my $user=shift;
+
+	eval q{use CGI 'escapeHTML'};
+	error($@) if $@;
+	if ($user =~ m!^https?://! &&
+	    eval q{use Net::OpenID::VerifiedIdentity; 1} && !$@) {
+		# Munge user-urls, as used by eg, OpenID.
+		my $oid=Net::OpenID::VerifiedIdentity->new(identity => $user);
+		my $display=$oid->display;
+		# Convert "user.somehost.com" to "user [somehost.com]".
+		if ($display !~ /\[/) {
+			$display=~s/^(.*?)\.([^.]+\.[a-z]+)$/$1 [$2]/;
+		}
+		$display=~s!^https?://!!; # make sure this is removed
+		return "<a href=\"$user\">".escapeHTML($display)."</a>";
+	}
+	else {
+		return htmllink("", "", escapeHTML(
+			length $config{userdir} ? $config{userdir}."/".$user : $user
+		), 1);
+	}
+} #}}}
+
 1