diff options
| -rw-r--r-- | IkiWiki/Plugin/comments.pm | 13 | ||||
| -rw-r--r-- | IkiWiki/Plugin/editpage.pm | 53 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | doc/plugins/write.mdwn | 22 |
4 files changed, 80 insertions, 10 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 16f9a873f..14e785c8f 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -467,9 +467,18 @@ sub sessioncgi ($$) { } if ($form->submitted eq POST_COMMENT && $form->validate) { - my $file = "$location._comment"; - IkiWiki::checksessionexpiry($cgi, $session); + + IkiWiki::check_content(content => $form->field('editcontent'), + subject => $form->field('subject'), + $config{comments_allowauthor} ? ( + author => $form->field('author'), + url => $form->field('url'), + ) : (), + page => $location, + cgi => $cgi, session => $session); + + my $file = "$location._comment"; # FIXME: could probably do some sort of graceful retry # on error? Would require significant unwinding though diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index ed994306f..bba52e4fd 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm @@ -78,7 +78,43 @@ sub check_canedit ($$$;$) { } } }); - return $canedit; + return defined $canedit ? $canedit : 1; +} + +sub check_content (@) { + my %params=@_; + + return 1 if ! exists $hooks{checkcontent}; # optimisation + + if (exists $pagesources{$params{page}}) { + my @diff; + my %old=map { $_ => 1 } + split("\n", readfile(srcfile($pagesources{$params{page}}))); + foreach my $line (split("\n", $params{content})) { + push @diff, $line if ! exists $old{$_}; + } + $params{content}=join("\n", @diff); + } + + my $ok; + run_hooks(checkcontent => sub { + return if defined $ok; + my $ret=shift->(%params); + if (defined $ret) { + if ($ret eq "") { + $ok=1; + } + elsif (ref $ret eq 'CODE') { + $ret->(); + $ok=0; + } + elsif (defined $ret) { + error($ret); + } + } + + }); + return defined $ok ? $ok : 1; } sub cgi_editpage ($$) { @@ -368,8 +404,17 @@ sub cgi_editpage ($$) { showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl); exit; } + + my $message=""; + if (defined $form->field('comments') && + length $form->field('comments')) { + $message=$form->field('comments'); + } my $content=$form->field('editcontent'); + check_content(content => $content, page => $page, + cgi => $q, session => $session, + subject => $message); run_hooks(editcontent => sub { $content=shift->( content => $content, @@ -403,12 +448,6 @@ sub cgi_editpage ($$) { my $conflict; if ($config{rcs}) { - my $message=""; - if (defined $form->field('comments') && - length $form->field('comments')) { - $message=$form->field('comments'); - } - if (! $exists) { rcs_add($file); } diff --git a/debian/changelog b/debian/changelog index f35606148..b75fe6afc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,6 +18,8 @@ ikiwiki (3.02) UNRELEASED; urgency=low behave better. * Add auto-blog.setup, which will set up an ikiwiki instance tuned for use in blogging. + * checkcontent: New hook, can be used to implement arbitrary content + filters, including spam filters. -- Joey Hess <joeyh@debian.org> Tue, 06 Jan 2009 15:02:52 -0500 diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index 405876d58..99eea3d16 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -303,7 +303,7 @@ can check if the session object has a "name" parameter set. ### canedit - hook(type => "canedit", id => "foo", call => \&pagelocked); + hook(type => "canedit", id => "foo", call => \&canedit); This hook can be used to implement arbitrary access methods to control when a page can be edited using the web interface (commits from revision control @@ -321,6 +321,26 @@ This hook should avoid directly redirecting the user to a signin page, since it's sometimes used to test to see which pages in a set of pages a user can edit. +### checkcontent + + hook(type => "checkcontent", id => "foo", call => \&checkcontent); + +This hook is called to check the content a user has entered on a page, +before it is saved, and decide if it should be allowed. + +It is passed named parameters: `content`, `page`, `cgi`, and `session`. If +the content the user has entered is a comment, it may also be passed some +additional parameters: `author`, `url`, and `subject`. The `subject` +parameter may also be filled with the user's comment about the change. + +Note: When the user edits an existing wiki page, the passed `content` will +include only the lines that they added to the page, or modified. + +The hook should return `undef` on success. If the content is disallowed, it +should return a message stating what the problem is, or a function +that can be run to perform whatever action is necessary to allow the user +to post the content. + ### editcontent hook(type => "editcontent", id => "foo", call => \&editcontent); |