summaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/remove.pm
blob: d23b2cc1016851ac537303f9a3438df7446f40bd (plain) 
    

  1. #!/usr/bin/perl
    2. 

  2. package IkiWiki::Plugin::remove;
    3. 

  3. 

  4. use warnings;
    5. 

  5. use strict;
    6. 

  6. use IkiWiki 3.00;
    7. 

  7. 

  8. sub import {
    9. 

  9.     hook(type => "getsetup", id => "remove", call => \&getsetup);
    10. 

  10.     hook(type => "formbuilder_setup", id => "remove", call => \&formbuilder_setup);
    11. 

  11.     hook(type => "formbuilder", id => "remove", call => \&formbuilder);
    12. 

  12.     hook(type => "sessioncgi", id => "remove", call => \&sessioncgi);
    13. 

  13. 

  14. }
    15. 

  15. 

  16. sub getsetup () {
    17. 

  17.     return 
    18. 

  18.         plugin => {
    19. 

  19.             safe => 1,
    20. 

  20.             rebuild => 0,
    21. 

  21.             section => "web",
    22. 

  22.         },
    23. 

  23. }
    24. 

  24. 

  25. sub check_canremove ($$$) {
    26. 

  26.     my $page=shift;
    27. 

  27.     my $q=shift;
    28. 

  28.     my $session=shift;
    29. 

  29. 

  30.     # Must be a known source file.
    31. 

  31.     if (! exists $pagesources{$page}) {
    32. 

  32.         error(sprintf(gettext("%s does not exist"),
    33. 

  33.             htmllink("", "", $page, noimageinline => 1)));
    34. 

  34.     }
    35. 

  35. 

  36.     # Must exist on disk, and be a regular file.
    37. 

  37.     my $file=$pagesources{$page};
    38. 

  38.     if (! -e "$config{srcdir}/$file") {
    39. 

  39.         error(sprintf(gettext("%s is not in the srcdir, so it cannot be deleted"), $file));
    40. 

  40.     }
    41. 

  41.     elsif (-l "$config{srcdir}/$file" && ! -f _) {
    42. 

  42.         error(sprintf(gettext("%s is not a file"), $file));
    43. 

  43.     }
    44. 

  44.     
    45. 

  45.     # Must be editable.
    46. 

  46.     IkiWiki::check_canedit($page, $q, $session);
    47. 

  47. 

  48.     # If a user can't upload an attachment, don't let them delete it.
    49. 

  49.     # This is sorta overkill, but better safe than sorry.
    50. 

  50.     if (! defined pagetype($pagesources{$page})) {
    51. 

  51.         if (IkiWiki::Plugin::attachment->can("check_canattach")) {
    52. 

  52.             IkiWiki::Plugin::attachment::check_canattach($session, $page, "$config{srcdir}/$file");
    53. 

  53.         }
    54. 

  54.         else {
    55. 

  55.             error("removal of attachments is not allowed");
    56. 

  56.         }
    57. 

  57.     }
    58. 

  58. 

  59.     my $canremove;
    60. 

  60.     IkiWiki::run_hooks(canremove => sub {
    61. 

  61.         return if defined $canremove;
    62. 

  62.         my $ret=shift->(page => $page, cgi => $q, session => $session);
    63. 

  63.         if (defined $ret) {
    64. 

  64.             if ($ret eq "") {
    65. 

  65.                 $canremove=1;
    66. 

  66.             }
    67. 

  67.             elsif (ref $ret eq 'CODE') {
    68. 

  68.                 $ret->();
    69. 

  69.                 $canremove=0;
    70. 

  70.             }
    71. 

  71.             elsif (defined $ret) {
    72. 

  72.                 error($ret);
    73. 

  73.                 $canremove=0;
    74. 

  74.             }
    75. 

  75.         }
    76. 

  76.     });
    77. 

  77. }
    78. 

  78. 

  79. sub formbuilder_setup (@) {
    80. 

  80.     my %params=@_;
    81. 

  81.     my $form=$params{form};
    82. 

  82.     my $q=$params{cgi};
    83. 

  83. 

  84.     if (defined $form->field("do") && ($form->field("do") eq "edit" ||
    85. 

  85.         $form->field("do") eq "create")) {
    86. 

  86.         # Removal button for the page, and also for attachments.
    87. 

  87.         push @{$params{buttons}}, "Remove" if $form->field("do") eq "edit";
    88. 

  88.         $form->tmpl_param("field-remove" => '<input name="_submit" type="submit" value="Remove Attachments" />');
    89. 

  89.     }
    90. 

  90. }
    91. 

  91. 

  92. sub confirmation_form ($$) {
    93. 

  93.     my $q=shift;
    94. 

  94.     my $session=shift;
    95. 

  95. 

  96.     eval q{use CGI::FormBuilder};
    97. 

  97.     error($@) if $@;
    98. 

  98.     my $f = CGI::FormBuilder->new(
    99. 

  99.         name => "remove",
    100. 

  100.         header => 0,
    101. 

  101.         charset => "utf-8",
    102. 

  102.         method => 'POST',
    103. 

  103.         javascript => 0,
    104. 

  104.         params => $q,
    105. 

  105.         action => $config{cgiurl},
    106. 

  106.         stylesheet => 1,
    107. 

  107.         fields => [qw{do page}],
    108. 

  108.     );
    109. 

  109.     
    110. 

  110.     $f->field(name => "sid", type => "hidden", value => $session->id,
    111. 

  111.         force => 1);
    112. 

  112.     $f->field(name => "do", type => "hidden", value => "remove", force => 1);
    113. 

  113. 

  114.     return $f, ["Remove", "Cancel"];
    115. 

  115. }
    116. 

  116. 

  117. sub removal_confirm ($$@) {
    118. 

  118.     my $q=shift;
    119. 

  119.     my $session=shift;
    120. 

  120.     my $attachment=shift;
    121. 

  121.     my @pages=@_;
    122. 

  122. 

  123.     foreach my $page (@pages) {
    124. 

  124.         check_canremove($page, $q, $session);
    125. 

  125.     }
    126. 

  126. 

  127.     # Save current form state to allow returning to it later
    128. 

  128.     # without losing any edits.
    129. 

  129.     # (But don't save what button was submitted, to avoid
    130. 

  130.     # looping back to here.)
    131. 

  131.     # Note: "_submit" is CGI::FormBuilder internals.
    132. 

  132.     $q->param(-name => "_submit", -value => "");
    133. 

  133.     $session->param(postremove => scalar $q->Vars);
    134. 

  134.     IkiWiki::cgi_savesession($session);
    135. 

  135.     
    136. 

  136.     my ($f, $buttons)=confirmation_form($q, $session);
    137. 

  137.     $f->title(sprintf(gettext("confirm removal of %s"),
    138. 

  138.         join(", ", map { pagetitle($_) } @pages)));
    139. 

  139.     $f->field(name => "page", type => "hidden", value => \@pages, force => 1);
    140. 

  140.     if (defined $attachment) {
    141. 

  141.         $f->field(name => "attachment", type => "hidden",
    142. 

  142.             value => $attachment, force => 1);
    143. 

  143.     }
    144. 

  144. 

  145.     IkiWiki::showform($f, $buttons, $session, $q);
    146. 

  146.     exit 0;
    147. 

  147. }
    148. 

  148. 

  149. sub postremove ($) {
    150. 

  150.     my $session=shift;
    151. 

  151. 

  152.     # Load saved form state and return to edit form.
    153. 

  153.     my $postremove=CGI->new($session->param("postremove"));
    154. 

  154.     $session->clear("postremove");
    155. 

  155.     IkiWiki::cgi_savesession($session);
    156. 

  156.     IkiWiki::cgi($postremove, $session);
    157. 

  157. }
    158. 

  158. 

  159. sub formbuilder (@) {
    160. 

  160.     my %params=@_;
    161. 

  161.     my $form=$params{form};
    162. 

  162. 

  163.     if (defined $form->field("do") && ($form->field("do") eq "edit" ||
    164. 

  164.         $form->field("do") eq "create")) {
    165. 

  165.         my $q=$params{cgi};
    166. 

  166.         my $session=$params{session};
    167. 

  167. 

  168.         if ($form->submitted eq "Remove" && $form->field("do") eq "edit") {
    169. 

  169.             removal_confirm($q, $session, 0, $form->field("page"));
    170. 

  170.         }
    171. 

  171.         elsif ($form->submitted eq "Remove Attachments") {
    172. 

  172.             my @selected=map { Encode::decode_utf8($_) } $q->param("attachment_select");
    173. 

  173.             if (! @selected) {
    174. 

  174.                 error(gettext("Please select the attachments to remove."));
    175. 

  175.             }
    176. 

  176.             removal_confirm($q, $session, 1, @selected);
    177. 

  177.         }
    178. 

  178.     }
    179. 

  179. }
    180. 

  180. 

  181. sub sessioncgi ($$) {
    182. 

  182.         my $q=shift;
    183. 

  183. 

  184.     if ($q->param("do") eq 'remove') {
    185. 

  185.             my $session=shift;
    186. 

  186.         my ($form, $buttons)=confirmation_form($q, $session);
    187. 

  187.         IkiWiki::decode_form_utf8($form);
    188. 

  188. 

  189.         if ($form->submitted eq 'Cancel') {
    190. 

  190.             postremove($session);
    191. 

  191.         }
    192. 

  192.         elsif ($form->submitted eq 'Remove' && $form->validate) {
    193. 

  193.             IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
    194. 

  194. 

  195.             my @pages=$form->field("page");
    196. 

  196.     
    197. 

  197.             # Validate removal by checking that the page exists,
    198. 

  198.             # and that the user is allowed to edit(/remove) it.
    199. 

  199.             my @files;
    200. 

  200.             foreach my $page (@pages) {
    201. 

  201.                 check_canremove($page, $q, $session);
    202. 

  202.                 
    203. 

  203.                 # This untaint is safe because of the
    204. 

  204.                 # checks performed above, which verify the
    205. 

  205.                 # page is a normal file, etc.
    206. 

  206.                 push @files, IkiWiki::possibly_foolish_untaint($pagesources{$page});
    207. 

  207.             }
    208. 

  208. 

  209.             # Do removal, and update the wiki.
    210. 

  210.             require IkiWiki::Render;
    211. 

  211.             if ($config{rcs}) {
    212. 

  212.                 IkiWiki::disable_commit_hook();
    213. 

  213.                 foreach my $file (@files) {
    214. 

  214.                     IkiWiki::rcs_remove($file);
    215. 

  215.                 }
    216. 

  216.                 IkiWiki::rcs_commit_staged(gettext("removed"),
    217. 

  217.                     $session->param("name"), $ENV{REMOTE_ADDR});
    218. 

  218.                 IkiWiki::enable_commit_hook();
    219. 

  219.                 IkiWiki::rcs_update();
    220. 

  220.             }
    221. 

  221.             else {
    222. 

  222.                 foreach my $file (@files) {
    223. 

  223.                     IkiWiki::prune("$config{srcdir}/$file");
    224. 

  224.                 }
    225. 

  225.             }
    226. 

  226.             IkiWiki::refresh();
    227. 

  227.             IkiWiki::saveindex();
    228. 

  228. 

  229.             if ($q->param("attachment")) {
    230. 

  230.                 # Attachments were deleted, so redirect
    231. 

  231.                 # back to the edit form.
    232. 

  232.                 postremove($session);
    233. 

  233.             }
    234. 

  234.             else {
    235. 

  235.                 # The page is gone, so redirect to parent
    236. 

  236.                 # of the page.
    237. 

  237.                 my $parent=IkiWiki::dirname($pages[0]);
    238. 

  238.                 if (! exists $pagesources{$parent}) {
    239. 

  239.                     $parent="index";
    240. 

  240.                 }
    241. 

  241.                 IkiWiki::redirect($q, urlto($parent, '/', 1));
    242. 

  242.             }
    243. 

  243.         }
    244. 

  244.         else {
    245. 

  245.             removal_confirm($q, $session, 0, $form->field("page"));
    246. 

  246.         }
    247. 

  247. 

  248.         exit 0;
    249. 

  249.     }
    250. 

  250. }
    251. 

  251. 

  252. 1
    253.
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-05 05:03:06 +0000