summaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/editpage.pm
blob: fe2864bac7737cfdd151aec111ea81a966003f6b (plain)
  1. #!/usr/bin/perl
  2. package IkiWiki::Plugin::editpage;
  3. use warnings;
  4. use strict;
  5. use IkiWiki;
  6. use open qw{:utf8 :std};
  7. sub import { #{{{
  8. hook(type => "getsetup", id => "editpage", call => \&getsetup);
  9. hook(type => "refresh", id => "editpage", call => \&refresh);
  10. hook(type => "sessioncgi", id => "editpage", call => \&IkiWiki::cgi_editpage);
  11. } # }}}
  12. sub getsetup () { #{{{
  13. return
  14. plugin => {
  15. safe => 1,
  16. rebuild => 1,
  17. },
  18. } #}}}
  19. sub refresh () {
  20. if (exists $wikistate{editpage} && exists $wikistate{editpage}{previews}) {
  21. # Expire old preview files after one hour.
  22. my $expire=time - (60 * 60);
  23. my @previews;
  24. foreach my $file (@{$wikistate{editpage}{previews}}) {
  25. my $mtime=(stat("$config{destdir}/$file"))[9];
  26. if (defined $mtime && $mtime <= $expire) {
  27. # Avoid deleting a preview that was later saved.
  28. my $delete=1;
  29. foreach my $page (keys %renderedfiles) {
  30. if (grep { $_ eq $file } @{$renderedfiles{$page}}) {
  31. $delete=0;
  32. }
  33. }
  34. if ($delete) {
  35. debug(sprintf(gettext("removing old preview %s"), $file));
  36. IkiWiki::prune("$config{destdir}/$file");
  37. }
  38. }
  39. elsif (defined $mtime) {
  40. push @previews, $file;
  41. }
  42. }
  43. $wikistate{editpage}{previews}=\@previews;
  44. }
  45. }
  46. # Back to ikiwiki namespace for the rest, this code is very much
  47. # internal to ikiwiki even though it's separated into a plugin,
  48. # and other plugins use the functions below.
  49. package IkiWiki;
  50. sub check_canedit ($$$;$) { #{{{
  51. my $page=shift;
  52. my $q=shift;
  53. my $session=shift;
  54. my $nonfatal=shift;
  55. my $canedit;
  56. run_hooks(canedit => sub {
  57. return if defined $canedit;
  58. my $ret=shift->($page, $q, $session);
  59. if (defined $ret) {
  60. if ($ret eq "") {
  61. $canedit=1;
  62. }
  63. elsif (ref $ret eq 'CODE') {
  64. $ret->() unless $nonfatal;
  65. $canedit=0;
  66. }
  67. elsif (defined $ret) {
  68. error($ret) unless $nonfatal;
  69. $canedit=0;
  70. }
  71. }
  72. });
  73. return $canedit;
  74. } #}}}
  75. sub cgi_editpage ($$) { #{{{
  76. my $q=shift;
  77. my $session=shift;
  78. my $do=$q->param('do');
  79. return unless $do eq 'create' || $do eq 'edit';
  80. decode_cgi_utf8($q);
  81. my @fields=qw(do rcsinfo subpage from page type editcontent comments);
  82. my @buttons=("Save Page", "Preview", "Cancel");
  83. eval q{use CGI::FormBuilder};
  84. error($@) if $@;
  85. my $form = CGI::FormBuilder->new(
  86. fields => \@fields,
  87. charset => "utf-8",
  88. method => 'POST',
  89. required => [qw{editcontent}],
  90. javascript => 0,
  91. params => $q,
  92. action => $config{cgiurl},
  93. header => 0,
  94. table => 0,
  95. template => scalar template_params("editpage.tmpl"),
  96. wikiname => $config{wikiname},
  97. );
  98. decode_form_utf8($form);
  99. run_hooks(formbuilder_setup => sub {
  100. shift->(form => $form, cgi => $q, session => $session,
  101. buttons => \@buttons);
  102. });
  103. decode_form_utf8($form);
  104. # This untaint is safe because we check file_pruned and
  105. # wiki_file_regexp.
  106. my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
  107. $page=possibly_foolish_untaint($page);
  108. my $absolute=($page =~ s#^/+##);
  109. if (! defined $page || ! length $page ||
  110. file_pruned($page, $config{srcdir})) {
  111. error(gettext("bad page name"));
  112. }
  113. my $baseurl = urlto($page, undef, 1);
  114. my $from;
  115. if (defined $form->field('from')) {
  116. ($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
  117. }
  118. my $file;
  119. my $type;
  120. if (exists $pagesources{$page} && $form->field("do") ne "create") {
  121. $file=$pagesources{$page};
  122. $type=pagetype($file);
  123. if (! defined $type || $type=~/^_/) {
  124. error(sprintf(gettext("%s is not an editable page"), $page));
  125. }
  126. if (! $form->submitted) {
  127. $form->field(name => "rcsinfo",
  128. value => rcs_prepedit($file), force => 1);
  129. }
  130. $form->field(name => "editcontent", validate => '/.*/');
  131. }
  132. else {
  133. $type=$form->param('type');
  134. if (defined $type && length $type && $hooks{htmlize}{$type}) {
  135. $type=possibly_foolish_untaint($type);
  136. }
  137. elsif (defined $from && exists $pagesources{$from}) {
  138. # favor the type of linking page
  139. $type=pagetype($pagesources{$from});
  140. }
  141. $type=$config{default_pageext} unless defined $type;
  142. $file=newpagefile($page, $type);
  143. if (! $form->submitted) {
  144. $form->field(name => "rcsinfo", value => "", force => 1);
  145. }
  146. $form->field(name => "editcontent", validate => '/.+/');
  147. }
  148. $form->field(name => "do", type => 'hidden');
  149. $form->field(name => "sid", type => "hidden", value => $session->id,
  150. force => 1);
  151. $form->field(name => "from", type => 'hidden');
  152. $form->field(name => "rcsinfo", type => 'hidden');
  153. $form->field(name => "subpage", type => 'hidden');
  154. $form->field(name => "page", value => $page, force => 1);
  155. $form->field(name => "type", value => $type, force => 1);
  156. $form->field(name => "comments", type => "text", size => 80);
  157. $form->field(name => "editcontent", type => "textarea", rows => 20,
  158. cols => 80);
  159. $form->tmpl_param("can_commit", $config{rcs});
  160. $form->tmpl_param("indexlink", indexlink());
  161. $form->tmpl_param("helponformattinglink",
  162. htmllink($page, $page, "ikiwiki/formatting",
  163. noimageinline => 1,
  164. linktext => "FormattingHelp"));
  165. if ($form->submitted eq "Cancel") {
  166. if ($form->field("do") eq "create" && defined $from) {
  167. redirect($q, urlto($from, undef, 1));
  168. }
  169. elsif ($form->field("do") eq "create") {
  170. redirect($q, $config{url});
  171. }
  172. else {
  173. redirect($q, urlto($page, undef, 1));
  174. }
  175. exit;
  176. }
  177. elsif ($form->submitted eq "Preview") {
  178. my $new=not exists $pagesources{$page};
  179. if ($new) {
  180. # temporarily record its type
  181. $pagesources{$page}=$page.".".$type;
  182. }
  183. my %wasrendered=map { $_ => 1 } @{$renderedfiles{$page}};
  184. my $content=$form->field('editcontent');
  185. run_hooks(editcontent => sub {
  186. $content=shift->(
  187. content => $content,
  188. page => $page,
  189. cgi => $q,
  190. session => $session,
  191. );
  192. });
  193. my $preview=htmlize($page, $page, $type,
  194. linkify($page, $page,
  195. preprocess($page, $page,
  196. filter($page, $page, $content), 0, 1)));
  197. run_hooks(format => sub {
  198. $preview=shift->(
  199. page => $page,
  200. content => $preview,
  201. );
  202. });
  203. $form->tmpl_param("page_preview", $preview);
  204. if ($new) {
  205. delete $pagesources{$page};
  206. }
  207. # Previewing may have created files on disk.
  208. # Keep a list of these to be deleted later.
  209. my %previews = map { $_ => 1 } @{$wikistate{editpage}{previews}};
  210. foreach my $f (@{$renderedfiles{$page}}) {
  211. $previews{$f}=1 unless $wasrendered{$f};
  212. }
  213. @{$wikistate{editpage}{previews}} = keys %previews;
  214. $renderedfiles{$page}=[keys %wasrendered];
  215. saveindex();
  216. }
  217. elsif ($form->submitted eq "Save Page") {
  218. $form->tmpl_param("page_preview", "");
  219. }
  220. if ($form->submitted ne "Save Page" || ! $form->validate) {
  221. if ($form->field("do") eq "create") {
  222. my @page_locs;
  223. my $best_loc;
  224. if (! defined $from || ! length $from ||
  225. $from ne $form->field('from') ||
  226. file_pruned($from, $config{srcdir}) ||
  227. $from=~/^\// ||
  228. $absolute ||
  229. $form->submitted) {
  230. @page_locs=$best_loc=$page;
  231. }
  232. else {
  233. my $dir=$from."/";
  234. $dir=~s![^/]+/+$!!;
  235. if ((defined $form->field('subpage') && length $form->field('subpage')) ||
  236. $page eq gettext('discussion')) {
  237. $best_loc="$from/$page";
  238. }
  239. else {
  240. $best_loc=$dir.$page;
  241. }
  242. push @page_locs, $dir.$page;
  243. push @page_locs, "$from/$page";
  244. while (length $dir) {
  245. $dir=~s![^/]+/+$!!;
  246. push @page_locs, $dir.$page;
  247. }
  248. push @page_locs, "$config{userdir}/$page"
  249. if length $config{userdir};
  250. }
  251. @page_locs = grep {
  252. ! exists $pagecase{lc $_}
  253. } @page_locs;
  254. if (! @page_locs) {
  255. # hmm, someone else made the page in the
  256. # meantime?
  257. if ($form->submitted eq "Preview") {
  258. # let them go ahead with the edit
  259. # and resolve the conflict at save
  260. # time
  261. @page_locs=$page;
  262. }
  263. else {
  264. redirect($q, urlto($page, undef, 1));
  265. exit;
  266. }
  267. }
  268. my @editable_locs = grep {
  269. check_canedit($_, $q, $session, 1)
  270. } @page_locs;
  271. if (! @editable_locs) {
  272. # let it throw an error this time
  273. map { check_canedit($_, $q, $session) } @page_locs;
  274. }
  275. my @page_types;
  276. if (exists $hooks{htmlize}) {
  277. @page_types=grep { !/^_/ }
  278. keys %{$hooks{htmlize}};
  279. }
  280. $form->tmpl_param("page_select", 1);
  281. $form->field(name => "page", type => 'select',
  282. options => [ map { [ $_, pagetitle($_, 1) ] } @editable_locs ],
  283. value => $best_loc);
  284. $form->field(name => "type", type => 'select',
  285. options => \@page_types);
  286. $form->title(sprintf(gettext("creating %s"), pagetitle($page)));
  287. }
  288. elsif ($form->field("do") eq "edit") {
  289. check_canedit($page, $q, $session);
  290. if (! defined $form->field('editcontent') ||
  291. ! length $form->field('editcontent')) {
  292. my $content="";
  293. if (exists $pagesources{$page}) {
  294. $content=readfile(srcfile($pagesources{$page}));
  295. $content=~s/\n/\r\n/g;
  296. }
  297. $form->field(name => "editcontent", value => $content,
  298. force => 1);
  299. }
  300. $form->tmpl_param("page_select", 0);
  301. $form->field(name => "page", type => 'hidden');
  302. $form->field(name => "type", type => 'hidden');
  303. $form->title(sprintf(gettext("editing %s"), pagetitle($page)));
  304. }
  305. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  306. }
  307. else {
  308. # save page
  309. check_canedit($page, $q, $session);
  310. # The session id is stored on the form and checked to
  311. # guard against CSRF. But only if the user is logged in,
  312. # as anonok can allow anonymous edits.
  313. if (defined $session->param("name")) {
  314. my $sid=$q->param('sid');
  315. if (! defined $sid || $sid ne $session->id) {
  316. error(gettext("Your login session has expired."));
  317. }
  318. }
  319. my $exists=-e "$config{srcdir}/$file";
  320. if ($form->field("do") ne "create" && ! $exists &&
  321. ! defined srcfile($file, 1)) {
  322. $form->tmpl_param("message", template("editpagegone.tmpl")->output);
  323. $form->field(name => "do", value => "create", force => 1);
  324. $form->tmpl_param("page_select", 0);
  325. $form->field(name => "page", type => 'hidden');
  326. $form->field(name => "type", type => 'hidden');
  327. $form->title(sprintf(gettext("editing %s"), $page));
  328. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  329. exit;
  330. }
  331. elsif ($form->field("do") eq "create" && $exists) {
  332. $form->tmpl_param("message", template("editcreationconflict.tmpl")->output);
  333. $form->field(name => "do", value => "edit", force => 1);
  334. $form->tmpl_param("page_select", 0);
  335. $form->field(name => "page", type => 'hidden');
  336. $form->field(name => "type", type => 'hidden');
  337. $form->title(sprintf(gettext("editing %s"), $page));
  338. $form->field("editcontent",
  339. value => readfile("$config{srcdir}/$file").
  340. "\n\n\n".$form->field("editcontent"),
  341. force => 1);
  342. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  343. exit;
  344. }
  345. my $content=$form->field('editcontent');
  346. run_hooks(editcontent => sub {
  347. $content=shift->(
  348. content => $content,
  349. page => $page,
  350. cgi => $q,
  351. session => $session,
  352. );
  353. });
  354. $content=~s/\r\n/\n/g;
  355. $content=~s/\r/\n/g;
  356. $content.="\n" if $content !~ /\n$/;
  357. $config{cgi}=0; # avoid cgi error message
  358. eval { writefile($file, $config{srcdir}, $content) };
  359. $config{cgi}=1;
  360. if ($@) {
  361. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  362. force => 1);
  363. my $mtemplate=template("editfailedsave.tmpl");
  364. $mtemplate->param(error_message => $@);
  365. $form->tmpl_param("message", $mtemplate->output);
  366. $form->field("editcontent", value => $content, force => 1);
  367. $form->tmpl_param("page_select", 0);
  368. $form->field(name => "page", type => 'hidden');
  369. $form->field(name => "type", type => 'hidden');
  370. $form->title(sprintf(gettext("editing %s"), $page));
  371. showform($form, \@buttons, $session, $q,
  372. forcebaseurl => $baseurl);
  373. exit;
  374. }
  375. my $conflict;
  376. if ($config{rcs}) {
  377. my $message="";
  378. if (defined $form->field('comments') &&
  379. length $form->field('comments')) {
  380. $message=$form->field('comments');
  381. }
  382. if (! $exists) {
  383. rcs_add($file);
  384. }
  385. # Prevent deadlock with post-commit hook by
  386. # signaling to it that it should not try to
  387. # do anything.
  388. disable_commit_hook();
  389. $conflict=rcs_commit($file, $message,
  390. $form->field("rcsinfo"),
  391. $session->param("name"), $ENV{REMOTE_ADDR});
  392. enable_commit_hook();
  393. rcs_update();
  394. }
  395. # Refresh even if there was a conflict, since other changes
  396. # may have been committed while the post-commit hook was
  397. # disabled.
  398. require IkiWiki::Render;
  399. refresh();
  400. saveindex();
  401. if (defined $conflict) {
  402. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  403. force => 1);
  404. $form->tmpl_param("message", template("editconflict.tmpl")->output);
  405. $form->field("editcontent", value => $conflict, force => 1);
  406. $form->field("do", "edit", force => 1);
  407. $form->tmpl_param("page_select", 0);
  408. $form->field(name => "page", type => 'hidden');
  409. $form->field(name => "type", type => 'hidden');
  410. $form->title(sprintf(gettext("editing %s"), $page));
  411. showform($form, \@buttons, $session, $q,
  412. forcebaseurl => $baseurl);
  413. }
  414. else {
  415. # The trailing question mark tries to avoid broken
  416. # caches and get the most recent version of the page.
  417. redirect($q, urlto($page, undef, 1)."?updated");
  418. }
  419. }
  420. exit;
  421. } #}}}
  422. 1