author | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-11-16 18:23:23 +0000 |
---|---|---|
committer | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-12-11 21:14:02 +0000 |
commit | 660a4ef151bd3da5135c9baa5b782ca373546d16 (patch) | |
tree | faaf35b8c19b0d1907489b971d09bb1f18aae2c2 | |
parent | 798dea20330d06690fcff11cf46aa64605b375d1 (diff) |
smcvpostcomment: always allow wikilinks, and do access control
wikilinks are harmless, so we might as well allow them.
Access control for this plugin is a bit odd, since we specifically
don't want to allow comments to be edited - so the check is whether the
user is allowed to edit a deliberately invalid page name,
page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*)
or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec}
or the opposite in $config{locked_pages} to allow "editing" (really
just posting) comments.
-rw-r--r-- | IkiWiki/Plugin/smcvpostcomment.pm | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm index 59f0e8cfc..43b1d3e6f 100644 --- a/IkiWiki/Plugin/smcvpostcomment.pm +++ b/IkiWiki/Plugin/smcvpostcomment.pm @@ -113,7 +113,6 @@ sub sessioncgi ($$) { #{{{ return unless $do eq PLUGIN; # These are theoretically configurable, but currently hard-coded - my $allow_wikilinks = 0; my $allow_directives = 0; my $commit_comments = 1; @@ -187,15 +186,24 @@ sub sessioncgi ($$) { #{{{ exit; } + IkiWiki::check_canedit($page . "[" . PLUGIN . "]", $cgi, $session); + my ($authorurl, $author) = linkuser(getcgiuser($session)); my $body = $form->field('body') || ''; $body =~ s/\r\n/\n/g; $body =~ s/\r/\n/g; - $body .= "\n" if $body !~ /\n$/; + $body = "\n" if $body !~ /\n$/; + + unless ($allow_directives) { + # don't allow new-style directives at all + $body =~ s/(^|[^\\])\[\[!/$1\\[[!/g; - $body =~ s/\[\[([^!])/[[$1/g unless $allow_wikilinks; - $body =~ s/\[\[!/[[!/g unless $allow_directives; + # don't allow [[ unless it begins an old-style + # wikilink, if prefix_directives is off + $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1\\[[!/g + unless $config{prefix_directives}; + } # In this template, the [[!meta]] directives should stay at the end, # so that they will override anything the user specifies. (For @@ -301,4 +309,16 @@ sub sessioncgi ($$) { #{{{ exit; } #}}} +package IkiWiki::PageSpec; + +sub match_smcvpostcomment ($$;@) { + my $page = shift; + my $glob = shift; + + unless ($page =~ s/\[smcvpostcomment\]$//) { + return IkiWiki::FailReason->new("not posting a comment"); + } + return match_glob($page, $glob); +} + 1 |
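Review bot: The new line `$body = "\n" if $body !~ /\n$/;` assigns instead of appending, so a comment body that does not already end in a newline is replaced by a single newline; `$body .= "\n" if $body !~ /\n$/;` keeps the text. In the second substitution the `+` sits inside the character class (`[^\n\s\]+]`), so the lookahead exempts only a one-character link, and the replacement `$1\\[[!` adds a `!` the input did not contain; `(?![^\n\s\]]+\]\])` with the replacement `$1\\[[` looks like what was meant. Both patterns consume the character before `[[` through `(^|[^\\])`, so a match that starts exactly where the previous one ended is skipped; a zero-width `(?<!\\)` lookbehind would let every occurrence be escaped. This filter is the only thing visible here that keeps directives out of comments while `$allow_directives` is 0, so it is worth a test covering these inputs. `sessioncgi` begins and ends outside the hunk.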
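Review bot: `match_smcvpostcomment` declares a `($$;@)` prototype but drops everything after the glob, so any extra parameters the pagespec machinery passes never reach `match_glob`; if `match_glob` relies on them (for example to resolve a glob relative to a location), a pagespec used for this access check could match differently from what the admin wrote. Forwarding them with `return match_glob($page, $glob, @_);` avoids that. The suffix is also spelled out literally in `s/\[smcvpostcomment\]$//` while `sessioncgi` builds it from `PLUGIN`, so a short comment such as `# must match the "[" . PLUGIN . "]" suffix passed to check_canedit` would keep the matcher and the access check in sync.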