summaryrefslogtreecommitdiff
path: root/IkiWiki/CGI.pm
blob: 52da67b9a13453ba4c83fc81edc474a4da89d360 (plain)
  1. #!/usr/bin/perl
  2. use warnings;
  3. use strict;
  4. package IkiWiki;
  5. sub page_locked ($$;$) { #{{{
  6. my $page=shift;
  7. my $session=shift;
  8. my $nonfatal=shift;
  9. my $user=$session->param("name");
  10. return if length $user && is_admin($user);
  11. foreach my $admin (@{$config{adminuser}}) {
  12. my $locked_pages=userinfo_get($admin, "locked_pages");
  13. if (globlist_match($page, userinfo_get($admin, "locked_pages"))) {
  14. return 1 if $nonfatal;
  15. error(htmllink("", $page, 1)." is locked by ".
  16. htmllink("", $admin, 1)." and cannot be edited.");
  17. }
  18. }
  19. return 0;
  20. } #}}}
  21. sub cgi_recentchanges ($) { #{{{
  22. my $q=shift;
  23. unlockwiki();
  24. my $template=HTML::Template->new(
  25. filename => "$config{templatedir}/recentchanges.tmpl"
  26. );
  27. $template->param(
  28. title => "RecentChanges",
  29. indexlink => indexlink(),
  30. wikiname => $config{wikiname},
  31. changelog => [rcs_recentchanges(100)],
  32. );
  33. print $q->header, $template->output;
  34. } #}}}
  35. sub cgi_signin ($$) { #{{{
  36. my $q=shift;
  37. my $session=shift;
  38. eval q{use CGI::FormBuilder};
  39. my $form = CGI::FormBuilder->new(
  40. title => "signin",
  41. fields => [qw(do title page subpage from name password confirm_password email)],
  42. header => 1,
  43. method => 'POST',
  44. validate => {
  45. confirm_password => {
  46. perl => q{eq $form->field("password")},
  47. },
  48. email => 'EMAIL',
  49. },
  50. required => 'NONE',
  51. javascript => 0,
  52. params => $q,
  53. action => $q->request_uri,
  54. header => 0,
  55. template => (-e "$config{templatedir}/signin.tmpl" ?
  56. "$config{templatedir}/signin.tmpl" : "")
  57. );
  58. $form->field(name => "name", required => 0);
  59. $form->field(name => "do", type => "hidden");
  60. $form->field(name => "page", type => "hidden");
  61. $form->field(name => "title", type => "hidden");
  62. $form->field(name => "from", type => "hidden");
  63. $form->field(name => "subpage", type => "hidden");
  64. $form->field(name => "password", type => "password", required => 0);
  65. $form->field(name => "confirm_password", type => "password", required => 0);
  66. $form->field(name => "email", required => 0);
  67. if ($q->param("do") ne "signin") {
  68. $form->text("You need to log in first.");
  69. }
  70. if ($form->submitted) {
  71. # Set required fields based on how form was submitted.
  72. my %required=(
  73. "Login" => [qw(name password)],
  74. "Register" => [qw(name password confirm_password email)],
  75. "Mail Password" => [qw(name)],
  76. );
  77. foreach my $opt (@{$required{$form->submitted}}) {
  78. $form->field(name => $opt, required => 1);
  79. }
  80. # Validate password differently depending on how
  81. # form was submitted.
  82. if ($form->submitted eq 'Login') {
  83. $form->field(
  84. name => "password",
  85. validate => sub {
  86. length $form->field("name") &&
  87. shift eq userinfo_get($form->field("name"), 'password');
  88. },
  89. );
  90. $form->field(name => "name", validate => '/^\w+$/');
  91. }
  92. else {
  93. $form->field(name => "password", validate => 'VALUE');
  94. }
  95. # And make sure the entered name exists when logging
  96. # in or sending email, and does not when registering.
  97. if ($form->submitted eq 'Register') {
  98. $form->field(
  99. name => "name",
  100. validate => sub {
  101. my $name=shift;
  102. length $name &&
  103. ! userinfo_get($name, "regdate");
  104. },
  105. );
  106. }
  107. else {
  108. $form->field(
  109. name => "name",
  110. validate => sub {
  111. my $name=shift;
  112. length $name &&
  113. userinfo_get($name, "regdate");
  114. },
  115. );
  116. }
  117. }
  118. else {
  119. # First time settings.
  120. $form->field(name => "name", comment => "use FirstnameLastName");
  121. $form->field(name => "confirm_password", comment => "(only needed");
  122. $form->field(name => "email", comment => "for registration)");
  123. if ($session->param("name")) {
  124. $form->field(name => "name", value => $session->param("name"));
  125. }
  126. }
  127. if ($form->submitted && $form->validate) {
  128. if ($form->submitted eq 'Login') {
  129. $session->param("name", $form->field("name"));
  130. if (defined $form->field("do") &&
  131. $form->field("do") ne 'signin') {
  132. print $q->redirect(cgiurl(
  133. do => $form->field("do"),
  134. page => $form->field("page"),
  135. title => $form->field("title"),
  136. subpage => $form->field("subpage"),
  137. from => $form->field("from"),
  138. ));
  139. }
  140. else {
  141. print $q->redirect($config{url});
  142. }
  143. }
  144. elsif ($form->submitted eq 'Register') {
  145. my $user_name=$form->field('name');
  146. if (userinfo_setall($user_name, {
  147. 'email' => $form->field('email'),
  148. 'password' => $form->field('password'),
  149. 'regdate' => time
  150. })) {
  151. $form->field(name => "confirm_password", type => "hidden");
  152. $form->field(name => "email", type => "hidden");
  153. $form->text("Registration successful. Now you can Login.");
  154. print $session->header();
  155. print misctemplate($form->title, $form->render(submit => ["Login"]));
  156. }
  157. else {
  158. error("Error saving registration.");
  159. }
  160. }
  161. elsif ($form->submitted eq 'Mail Password') {
  162. my $user_name=$form->field("name");
  163. my $template=HTML::Template->new(
  164. filename => "$config{templatedir}/passwordmail.tmpl"
  165. );
  166. $template->param(
  167. user_name => $user_name,
  168. user_password => userinfo_get($user_name, "password"),
  169. wikiurl => $config{url},
  170. wikiname => $config{wikiname},
  171. REMOTE_ADDR => $ENV{REMOTE_ADDR},
  172. );
  173. eval q{use Mail::Sendmail};
  174. my ($fromhost) = $config{cgiurl} =~ m!/([^/]+)!;
  175. sendmail(
  176. To => userinfo_get($user_name, "email"),
  177. From => "$config{wikiname} admin <".(getpwuid($>))[0]."@".$fromhost.">",
  178. Subject => "$config{wikiname} information",
  179. Message => $template->output,
  180. ) or error("Failed to send mail");
  181. $form->text("Your password has been emailed to you.");
  182. $form->field(name => "name", required => 0);
  183. print $session->header();
  184. print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
  185. }
  186. }
  187. else {
  188. print $session->header();
  189. print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
  190. }
  191. } #}}}
  192. sub cgi_prefs ($$) { #{{{
  193. my $q=shift;
  194. my $session=shift;
  195. eval q{use CGI::FormBuilder};
  196. my $form = CGI::FormBuilder->new(
  197. title => "preferences",
  198. fields => [qw(do name password confirm_password email locked_pages)],
  199. header => 0,
  200. method => 'POST',
  201. validate => {
  202. confirm_password => {
  203. perl => q{eq $form->field("password")},
  204. },
  205. email => 'EMAIL',
  206. },
  207. required => 'NONE',
  208. javascript => 0,
  209. params => $q,
  210. action => $q->request_uri,
  211. template => (-e "$config{templatedir}/prefs.tmpl" ?
  212. "$config{templatedir}/prefs.tmpl" : "")
  213. );
  214. my @buttons=("Save Preferences", "Logout", "Cancel");
  215. my $user_name=$session->param("name");
  216. $form->field(name => "do", type => "hidden");
  217. $form->field(name => "name", disabled => 1,
  218. value => $user_name, force => 1);
  219. $form->field(name => "password", type => "password");
  220. $form->field(name => "confirm_password", type => "password");
  221. $form->field(name => "locked_pages", size => 50,
  222. comment => "(".htmllink("", "GlobList", 1).")");
  223. if (! is_admin($user_name)) {
  224. $form->field(name => "locked_pages", type => "hidden");
  225. }
  226. if (! $form->submitted) {
  227. $form->field(name => "email", force => 1,
  228. value => userinfo_get($user_name, "email"));
  229. $form->field(name => "locked_pages", force => 1,
  230. value => userinfo_get($user_name, "locked_pages"));
  231. }
  232. if ($form->submitted eq 'Logout') {
  233. $session->delete();
  234. print $q->redirect($config{url});
  235. return;
  236. }
  237. elsif ($form->submitted eq 'Cancel') {
  238. print $q->redirect($config{url});
  239. return;
  240. }
  241. elsif ($form->submitted eq "Save Preferences" && $form->validate) {
  242. foreach my $field (qw(password email locked_pages)) {
  243. if (length $form->field($field)) {
  244. userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
  245. }
  246. }
  247. $form->text("Preferences saved.");
  248. }
  249. print $session->header();
  250. print misctemplate($form->title, $form->render(submit => \@buttons));
  251. } #}}}
  252. sub cgi_editpage ($$) { #{{{
  253. my $q=shift;
  254. my $session=shift;
  255. eval q{use CGI::FormBuilder};
  256. my $form = CGI::FormBuilder->new(
  257. fields => [qw(do rcsinfo subpage from page content comments)],
  258. header => 1,
  259. method => 'POST',
  260. validate => {
  261. content => '/.+/',
  262. },
  263. required => [qw{content}],
  264. javascript => 0,
  265. params => $q,
  266. action => $q->request_uri,
  267. table => 0,
  268. template => "$config{templatedir}/editpage.tmpl"
  269. );
  270. my @buttons=("Save Page", "Preview", "Cancel");
  271. # This untaint is safe because titlepage removes any problimatic
  272. # characters.
  273. my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
  274. if (! defined $page || ! length $page ||
  275. $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
  276. error("bad page name");
  277. }
  278. $page=lc($page);
  279. my $file=$page.$config{default_pageext};
  280. my $newfile=1;
  281. if (exists $pagesources{lc($page)}) {
  282. $file=$pagesources{lc($page)};
  283. $newfile=0;
  284. }
  285. $form->field(name => "do", type => 'hidden');
  286. $form->field(name => "from", type => 'hidden');
  287. $form->field(name => "rcsinfo", type => 'hidden');
  288. $form->field(name => "subpage", type => 'hidden');
  289. $form->field(name => "page", value => "$page", force => 1);
  290. $form->field(name => "comments", type => "text", size => 80);
  291. $form->field(name => "content", type => "textarea", rows => 20,
  292. cols => 80);
  293. $form->tmpl_param("can_commit", $config{rcs});
  294. $form->tmpl_param("indexlink", indexlink());
  295. $form->tmpl_param("helponformattinglink",
  296. htmllink("", "HelpOnFormatting", 1));
  297. if (! $form->submitted) {
  298. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  299. force => 1);
  300. }
  301. if ($form->submitted eq "Cancel") {
  302. print $q->redirect("$config{url}/".htmlpage($page));
  303. return;
  304. }
  305. elsif ($form->submitted eq "Preview") {
  306. require IkiWiki::Render;
  307. $form->tmpl_param("page_preview",
  308. htmlize($config{default_pageext},
  309. linkify($form->field('content'), $page)));
  310. }
  311. else {
  312. $form->tmpl_param("page_preview", "");
  313. }
  314. $form->tmpl_param("page_conflict", "");
  315. if (! $form->submitted || $form->submitted eq "Preview" ||
  316. ! $form->validate) {
  317. if ($form->field("do") eq "create") {
  318. if (exists $pagesources{lc($page)}) {
  319. # hmm, someone else made the page in the
  320. # meantime?
  321. print $q->redirect("$config{url}/".htmlpage($page));
  322. return;
  323. }
  324. my @page_locs;
  325. my $best_loc;
  326. my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
  327. if (! defined $from || ! length $from ||
  328. $from ne $form->param('from') ||
  329. $from=~/$config{wiki_file_prune_regexp}/ ||
  330. $from=~/^\// ||
  331. $form->submitted eq "Preview") {
  332. @page_locs=$best_loc=$page;
  333. }
  334. else {
  335. my $dir=$from."/";
  336. $dir=~s![^/]+/$!!;
  337. if ((defined $form->param('subpage') && length $form->param('subpage')) ||
  338. $page eq 'discussion') {
  339. $best_loc="$from/$page";
  340. }
  341. else {
  342. $best_loc=$dir.$page;
  343. }
  344. push @page_locs, $dir.$page;
  345. push @page_locs, "$from/$page";
  346. while (length $dir) {
  347. $dir=~s![^/]+/$!!;
  348. push @page_locs, $dir.$page;
  349. }
  350. @page_locs = grep {
  351. ! exists $pagesources{lc($_)} &&
  352. ! page_locked($_, $session, 1)
  353. } @page_locs;
  354. }
  355. $form->tmpl_param("page_select", 1);
  356. $form->field(name => "page", type => 'select',
  357. options => \@page_locs, value => $best_loc);
  358. $form->title("creating ".pagetitle($page));
  359. }
  360. elsif ($form->field("do") eq "edit") {
  361. page_locked($page, $session);
  362. if (! defined $form->field('content') ||
  363. ! length $form->field('content')) {
  364. my $content="";
  365. if (exists $pagesources{lc($page)}) {
  366. $content=readfile("$config{srcdir}/$pagesources{lc($page)}");
  367. $content=~s/\n/\r\n/g;
  368. }
  369. $form->field(name => "content", value => $content,
  370. force => 1);
  371. }
  372. $form->tmpl_param("page_select", 0);
  373. $form->field(name => "page", type => 'hidden');
  374. $form->title("editing ".pagetitle($page));
  375. }
  376. print $form->render(submit => \@buttons);
  377. }
  378. else {
  379. # save page
  380. page_locked($page, $session);
  381. my $content=$form->field('content');
  382. $content=~s/\r\n/\n/g;
  383. $content=~s/\r/\n/g;
  384. writefile("$config{srcdir}/$file", $content);
  385. my $message="web commit ";
  386. if (length $session->param("name")) {
  387. $message.="by ".$session->param("name");
  388. }
  389. else {
  390. $message.="from $ENV{REMOTE_ADDR}";
  391. }
  392. if (defined $form->field('comments') &&
  393. length $form->field('comments')) {
  394. $message.=": ".$form->field('comments');
  395. }
  396. if ($config{rcs}) {
  397. if ($newfile) {
  398. rcs_add($file);
  399. }
  400. # prevent deadlock with post-commit hook
  401. unlockwiki();
  402. # presumably the commit will trigger an update
  403. # of the wiki
  404. my $conflict=rcs_commit($file, $message,
  405. $form->field("rcsinfo"));
  406. if (defined $conflict) {
  407. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  408. force => 1);
  409. $form->tmpl_param("page_conflict", 1);
  410. $form->field("content", value => $conflict, force => 1);
  411. $form->field("do", "edit)");
  412. $form->tmpl_param("page_select", 0);
  413. $form->field(name => "page", type => 'hidden');
  414. $form->title("editing $page");
  415. print $form->render(submit => \@buttons);
  416. return;
  417. }
  418. }
  419. else {
  420. require IkiWiki::Render;
  421. refresh();
  422. saveindex();
  423. }
  424. # The trailing question mark tries to avoid broken
  425. # caches and get the most recent version of the page.
  426. print $q->redirect("$config{url}/".htmlpage($page)."?updated");
  427. }
  428. } #}}}
  429. sub cgi () { #{{{
  430. eval q{use CGI};
  431. eval q{use CGI::Session};
  432. my $q=CGI->new;
  433. my $do=$q->param('do');
  434. if (! defined $do || ! length $do) {
  435. error("\"do\" parameter missing");
  436. }
  437. # Things that do not need a session.
  438. if ($do eq 'recentchanges') {
  439. cgi_recentchanges($q);
  440. return;
  441. }
  442. CGI::Session->name("ikiwiki_session_$config{wikiname}");
  443. my $oldmask=umask(077);
  444. my $session = CGI::Session->new("driver:db_file", $q,
  445. { FileName => "$config{wikistatedir}/sessions.db" });
  446. umask($oldmask);
  447. # Everything below this point needs the user to be signed in.
  448. if ((! $config{anonok} && ! defined $session->param("name") ||
  449. ! defined $session->param("name") ||
  450. ! userinfo_get($session->param("name"), "regdate")) || $do eq 'signin') {
  451. cgi_signin($q, $session);
  452. # Force session flush with safe umask.
  453. my $oldmask=umask(077);
  454. $session->flush;
  455. umask($oldmask);
  456. return;
  457. }
  458. if ($do eq 'create' || $do eq 'edit') {
  459. cgi_editpage($q, $session);
  460. }
  461. elsif ($do eq 'prefs') {
  462. cgi_prefs($q, $session);
  463. }
  464. elsif ($do eq 'blog') {
  465. my $page=titlepage(lc($q->param('title')));
  466. # if the page already exists, munge it to be unique
  467. my $from=$q->param('from');
  468. my $add="";
  469. while (exists $oldpagemtime{"$from/$page$add"}) {
  470. $add=1 unless length $add;
  471. $add++;
  472. }
  473. $q->param('page', $page.$add);
  474. # now run same as create
  475. $q->param('do', 'create');
  476. cgi_editpage($q, $session);
  477. }
  478. else {
  479. error("unknown do parameter");
  480. }
  481. } #}}}
  482. 1