X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/ec965fc92cd41f597c6e8e88584b9a688407c8c6..cfcc79ed4c9f11ef8af2ae19e3bb402289e9ea39:/IkiWiki/Plugin/rename.pm diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm index d0e5894dc..0da90a538 100644 --- a/IkiWiki/Plugin/rename.pm +++ b/IkiWiki/Plugin/rename.pm @@ -18,6 +18,7 @@ sub getsetup () { plugin => { safe => 1, rebuild => 0, + section => "web", }, } @@ -49,7 +50,7 @@ sub check_canrename ($$$$$$) { IkiWiki::check_canedit($src, $q, $session); if ($attachment) { if (IkiWiki::Plugin::attachment->can("check_canattach")) { - IkiWiki::Plugin::attachment::check_canattach($session, $src, $srcfile); + IkiWiki::Plugin::attachment::check_canattach($session, $src, "$config{srcdir}/$srcfile"); } else { error("renaming of attachments is not allowed"); @@ -62,9 +63,8 @@ sub check_canrename ($$$$$$) { error(gettext("no change to the file name was specified")); } - # Must be a legal filename, and not absolute. - if (IkiWiki::file_pruned($destfile, $config{srcdir}) || - $destfile=~/^\//) { + # Must be a legal filename. + if (IkiWiki::file_pruned($destfile)) { error(sprintf(gettext("illegal name"))); } @@ -84,7 +84,7 @@ sub check_canrename ($$$$$$) { if ($attachment) { # Note that $srcfile is used here, not $destfile, # because it wants the current file, to check it. - IkiWiki::Plugin::attachment::check_canattach($session, $dest, $srcfile); + IkiWiki::Plugin::attachment::check_canattach($session, $dest, "$config{srcdir}/$srcfile"); } } @@ -126,11 +126,13 @@ sub rename_form ($$$) { javascript => 0, params => $q, action => $config{cgiurl}, - stylesheet => IkiWiki::baseurl()."style.css", + stylesheet => 1, fields => [qw{do page new_name attachment}], ); $f->field(name => "do", type => "hidden", value => "rename", force => 1); + $f->field(name => "sid", type => "hidden", value => $session->id, + force => 1); $f->field(name => "page", type => "hidden", value => $page, force => 1); $f->field(name => "new_name", value => pagetitle($page, 1), size => 60); if (!$q->param("attachment")) { @@ -235,6 +237,7 @@ sub formbuilder (@) { if (defined $form->field("do") && ($form->field("do") eq "edit" || $form->field("do") eq "create")) { + IkiWiki::decode_form_utf8($form); my $q=$params{cgi}; my $session=$params{session}; @@ -242,7 +245,7 @@ sub formbuilder (@) { rename_start($q, $session, 0, $form->field("page")); } elsif ($form->submitted eq "Rename Attachment") { - my @selected=$q->param("attachment_select"); + my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select"); if (@selected > 1) { error(gettext("Only one attachment can be renamed at a time.")); } @@ -278,21 +281,23 @@ sub sessioncgi ($$) { if ($q->param("do") eq 'rename') { my $session=shift; - my ($form, $buttons)=rename_form($q, $session, $q->param("page")); + my ($form, $buttons)=rename_form($q, $session, Encode::decode_utf8($q->param("page"))); IkiWiki::decode_form_utf8($form); if ($form->submitted eq 'Cancel') { postrename($session); } elsif ($form->submitted eq 'Rename' && $form->validate) { + IkiWiki::checksessionexpiry($q, $session, $q->param('sid')); + # Queue of rename actions to perfom. my @torename; # These untaints are safe because of the checks # performed in check_canrename later. - my $src=$q->param("page"); + my $src=$form->field("page"); my $srcfile=IkiWiki::possibly_foolish_untaint($pagesources{$src}); - my $dest=IkiWiki::possibly_foolish_untaint(titlepage($q->param("new_name"))); + my $dest=IkiWiki::possibly_foolish_untaint(titlepage($form->field("new_name"))); my $destfile=$dest; if (! $q->param("attachment")) { my $type=$q->param('type'); @@ -480,7 +485,7 @@ sub renamepage_hook ($$$$) { return $content; } -sub rename_hook (@) { +sub rename_hook { my %params = @_; my @torename=@{$params{torename}};