From: Simon McVittie
Date: Sun, 16 Nov 2008 18:23:23 +0000 (+0000)
Subject: smcvpostcomment: always allow wikilinks, and do access control
X-Git-Tag: 2.71~145
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=660a4ef151bd3da5135c9baa5b782ca373546d16;p=ikiwiki.git

smcvpostcomment: always allow wikilinks, and do access control

wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments.
---
diff --git a/IkiWiki/Plugin/smcvpostcomment.pm b/IkiWiki/Plugin/smcvpostcomment.pm
index 59f0e8cfc..43b1d3e6f 100644
--- a/IkiWiki/Plugin/smcvpostcomment.pm
+++ b/IkiWiki/Plugin/smcvpostcomment.pm
@@ -113,7 +113,6 @@ sub sessioncgi ($$) { #{{{
 return unless $do eq PLUGIN;
 # These are theoretically configurable, but currently hard-coded
- my $allow_wikilinks = 0;
 my $allow_directives = 0;
 my $commit_comments = 1;
@@ -187,15 +186,24 @@ sub sessioncgi ($$) { #{{{
 exit;
 }
+ IkiWiki::check_canedit($page . "[" . PLUGIN . "]", $cgi, $session);
+
 my ($authorurl, $author) = linkuser(getcgiuser($session));
 my $body = $form->field('body') || '';
 $body =~ s/\r\n/\n/g;
 $body =~ s/\r/\n/g;
- $body .= "\n" if $body !~ /\n$/;
+ $body = "\n" if $body !~ /\n$/;
+
+ unless ($allow_directives) {
+ # don't allow new-style directives at all
+ $body =~ s/(^|[^\\])\[\[!/$1\\[[!/g;
- $body =~ s/\[\[([^!])/[[$1/g unless $allow_wikilinks;
- $body =~ s/\[\[!/[[!/g unless $allow_directives;
+ # don't allow [[ unless it begins an old-style
+ # wikilink, if prefix_directives is off
+ $body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1\\[[!/g
+ unless $config{prefix_directives};
+ }
 # In this template, the [[!meta]] directives should stay at the end,
 # so that they will override anything the user specifies. (For
@@ -301,4 +309,16 @@ sub sessioncgi ($$) { #{{{
 exit;
 } #}}}
+package IkiWiki::PageSpec;
+
+sub match_smcvpostcomment ($$;@) {
+ my $page = shift;
+ my $glob = shift;
+
+ unless ($page =~ s/\[smcvpostcomment\]$//) {
+ return IkiWiki::FailReason->new("not posting a comment");
+ }
+ return match_glob($page, $glob);
+}
+
 1
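Review bot: The added newline fix-up `$body = "\n" if $body !~ /\n$/;` assigns instead of appending, so any comment that does not already end in a newline is replaced by a lone newline before the filtering below runs; the removed form should be kept, `$body .= "\n" if $body !~ /\n$/;`. In the new `unless ($allow_directives)` block both substitutions consume the character before `[[` through `(^|[^\\])`, so under `/g` an opener that directly follows a previous match is never tested; a zero-width lookbehind, `$body =~ s/(?<!\\)\[\[!/\\[[!/g;`, covers every occurrence. The second pattern's lookahead `(?![^\n\s\]+]\]\])` accepts exactly one character before `]]` (the `+` sits inside the class, which looks unintended) and its replacement `$1\\[[!` adds a `!` that was not in the input, so with `prefix_directives` off ordinary wikilinks appear to get rewritten despite the commit's stated aim. Because this escaping is what keeps comment authors from running directives, it deserves a few test strings alongside the fix; sessioncgi begins and ends outside this hunk.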
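Review bot: The suffix stripped in `match_smcvpostcomment` is a hard-coded literal, `s/\[smcvpostcomment\]$//`, while the caller in sessioncgi builds the checked name from the `PLUGIN` constant; if the two ever diverge, the access rule silently stops matching and posts are judged against the wrong pagespec term. Anchoring with `\z` instead of `$`, as in `unless ($page =~ s/\[smcvpostcomment\]\z//) {`, also stops a name with a trailing newline from being accepted. The arguments left in `@_` after the two shifts are dropped before `match_glob($page, $glob)`; if callers pass extra parameters (not visible here), forwarding them as `match_glob($page, $glob, @_)` would keep this matcher in line with a plain glob. A short comment above the sub, such as `# matches the synthetic name "page[smcvpostcomment]" that sessioncgi passes to check_canedit`, would document why an invalid page name is being matched.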