-rw-r--r-- | IkiWiki/Plugin/blogspam.pm | 14 | ||||
-rw-r--r-- | IkiWiki/Plugin/comments.pm | 2 | ||||
-rw-r--r-- | IkiWiki/Plugin/editpage.pm | 3 | ||||
-rw-r--r-- | IkiWiki/Plugin/inline.pm | 4 | ||||
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | doc/plugins/blogspam.mdwn | 2 |
6 files changed, 27 insertions, 8 deletions
diff --git a/IkiWiki/Plugin/blogspam.pm b/IkiWiki/Plugin/blogspam.pm index f0b6cb2a2..d32c2f169 100644 --- a/IkiWiki/Plugin/blogspam.pm +++ b/IkiWiki/Plugin/blogspam.pm @@ -61,12 +61,18 @@ sub checkcontent (@) { my %params=@_; my $session=$params{session}; - if (exists $config{blogspam_pagespec}) { - return undef - if ! pagespec_match($params{page}, $config{blogspam_pagespec}, - location => $params{page}); + my $spec='!admin()'; + if (exists $config{blogspam_pagespec} && + length $config{blogspam_pagespec}) { + $spec.=" and (".$config{blogspam_pagespec}.")"; } + my $user=$session->param("name"); + return undef unless pagespec_match($params{page}, $spec, + (defined $user ? (user => $user) : ()), + (defined $session->remote_addr() ? (ip => $session->remote_addr()) : ()), + location => $params{page}); + my $url=$defaulturl; $url = $config{blogspam_server} if exists $config{blogspam_server}; diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index d9183970d..6691dbafa 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -365,7 +365,7 @@ sub editcomment ($$) { # The untaint is OK (as in editpage) because we're about to pass # it to file_pruned and wiki_file_regexp anyway. - my $page = $form->field('page')=~/$config{wiki_file_regexp}/; + my ($page) = $form->field('page')=~/$config{wiki_file_regexp}/; $page = IkiWiki::possibly_foolish_untaint($page); if (! defined $page || ! length $page || IkiWiki::file_pruned($page)) { diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index df29bcc98..8f71dafa8 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm 
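Review bot: When `$session->param("name")` is undefined no `user` key is passed, so whether an anonymous post is still sent for spam checking depends on how `!admin()` evaluates without a user, which is decided in pagespec_match outside this hunk. A non-match makes checkcontent `return undef` before the blogspam server is contacted, so that case deserves a comment above the `return undef unless pagespec_match(...)` line, for example `# anonymous posters pass no user; !admin() must still match so they get checked`, plus a regression test. The same early return is presumably taken when `blogspam_pagespec` fails to parse, in which case a bad setting would switch spam checking off silently; logging the failure reason would make that visible to the operator. `$session->remote_addr()` is also called twice and could be held in a local, `my $ip=$session->remote_addr();`. checkcontent's body continues past the end of the hunk.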
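Review bot: `$page` can still be undef when it reaches `IkiWiki::possibly_foolish_untaint($page)`, because the `! defined $page` test only comes on the line after it; the editpage.pm hunk in this same commit adds an explicit guard before its untaint, and the same guard would fit here. Something like `error(gettext("bad page name")) unless defined $page;` placed right after the match (adapted to however this file reports errors) keeps the two code paths consistent. The list assignment also yields `1` rather than the page name if `$config{wiki_file_regexp}` has no capture group; that regexp is defined outside this hunk, so a short comment stating the dependency would help. editcomment's body starts and ends outside the hunk.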
@@ -91,6 +91,9 @@ sub cgi_editpage ($$) { # This untaint is safe because we check file_pruned and # wiki_file_regexp. my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/; + if (! defined $page) { + error(gettext("bad page name")); + } $page=possibly_foolish_untaint($page); my $absolute=($page =~ s#^/+##); # absolute name used to force location if (! defined $page || ! length $page || diff --git a/IkiWiki/Plugin/inline.pm b/IkiWiki/Plugin/inline.pm index d89e14197..285077204 100644 --- a/IkiWiki/Plugin/inline.pm +++ b/IkiWiki/Plugin/inline.pm @@ -294,11 +294,11 @@ sub preprocess_inline (@) { if ($feeds) { if ($rss) { $rssurl=abs2rel($feedbase."rss".$feednum, dirname(htmlpage($params{destpage}))); - $rssdesc = gettext("%s (RSS feed)", $desc); + $rssdesc = sprintf(gettext("%s (RSS feed)"), $desc); } if ($atom) { $atomurl=abs2rel($feedbase."atom".$feednum, dirname(htmlpage($params{destpage}))); - $atomdesc = gettext("%s (Atom feed)", $desc); + $atomdesc = sprintf(gettext("%s (Atom feed)"), $desc); } } diff --git a/debian/changelog b/debian/changelog index b6465a2f1..4e16140cb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +ikiwiki (3.20110124) UNRELEASED; urgency=low + + * comments: Fix commenting, broken by security fix. + * blogspam: Don't check modifications from admins for spam, and also + allow the blogspam_pagespec to do other matches against who the user is. + * inline: Fix regression in feed titles. Closes: #610878 + (Thanks, Paul Wise) + + -- Joey Hess <joeyh@debian.org> Mon, 24 Jan 2011 16:56:05 -0400 + ikiwiki (3.20110123) unstable; urgency=low * Adapt autoindex test suite to work with old Test::More. diff --git a/doc/plugins/blogspam.mdwn b/doc/plugins/blogspam.mdwn index a13b6e8f4..c158316d4 100644 --- a/doc/plugins/blogspam.mdwn +++ b/doc/plugins/blogspam.mdwn 
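Review bot: Both `sprintf(gettext(...), $desc)` lines depend on gettext taking only the message id, which is apparently what the old two-argument calls got wrong, and nothing in the hunk records that. A one-line comment above the first call, such as `# gettext() only looks up the format; sprintf substitutes $desc`, would help keep the two-argument form from coming back. The format string now comes from the translation catalogue, so a translation that drops or adds a `%` directive changes the feed title; `$desc` itself is passed as an argument and is never read as a format. preprocess_inline's body extends beyond the hunk.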
@@ -23,7 +23,7 @@ you can check whether the interaction with blogspam.net works. The `blogspam_pagespec` setting is a [[ikiwiki/PageSpec]] that can be used to configure which pages are checked for spam. The default is to check all edits. If you only want to check [[comments]] (not wiki page edits), -set it to "postcomment(*)". +set it to "postcomment(*)". Posts by admins are never checked for spam. By default, the blogspam.net server is used to do the spam checking. To change this, the `blogspam_server` option can be set to the url for a |