Fossil SCM
/wikiappend: removed ability to append to sandbox (wikiedit long since removed that capability). Fixed selection of mimetype name for text/plain pages. Moved permissions check to the top of the function. Largely based on suggestions from [forum:0acfdaac80|forum post 0acfdaac80].
Commit
202cbcf0152c03ce81fc9d6d1ff3ffdb4c9b838d2b7f8e4717cc2e7712430a6d
Parent
c440011b74eb591…
1 file changed
+48
-47
+48
-47
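--- a/src/wiki.c
+++ b/src/wiki.c
@@ -666,11 +666,11 @@
 /*
 ** Given a mimetype, return its common name.
 */
 static const char *mimetype_common_name(const char *zMimetype){
 int i;
-for(i=4; i>=2; i-=2){
+for(i=6; i>=0; i-=3){
 if( zMimetype && fossil_strcmp(zMimetype, azStyles[i])==0 ){
 return azStyles[i+1];
 }
 }
 return azStyles[1];
@@ -1592,97 +1592,97 @@
 ** Append text to the end of a wiki page.
 */
 void wikiappend_page(void){
 char *zTag;
 int rid = 0;
-int isSandbox;
 const char *zPageName;
 const char *zUser;
 const char *zMimetype;
 int goodCaptcha = 1;
 const char *zFormat;
+Manifest *pWiki = 0;
+int isSandbox;
 
 login_check_credentials();
+if( !g.perm.ApndWiki ){
+login_needed(g.anon.ApndWiki);
+return;
+}
 zPageName = PD("name","");
 zMimetype = wiki_filter_mimetypes(P("mimetype"));
 if( check_name(zPageName) ) return;
 isSandbox = is_sandbox(zPageName);
-if( !isSandbox ){
+if(!isSandbox){
 zTag = mprintf("wiki-%s", zPageName);
 rid = db_int(0,
 "SELECT rid FROM tagxref"
 " WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)"
 " ORDER BY mtime DESC", zTag
 );
 free(zTag);
-if( !rid ){
+pWiki = rid ? manifest_get(rid, CFTYPE_WIKI, 0) : 0;
+if( !pWiki ){
 fossil_redirect_home();
 return;
 }
-}
-if( !g.perm.ApndWiki ){
-login_needed(g.anon.ApndWiki);
-return;
+zMimetype = wiki_filter_mimetypes(pWiki->zMimetype)
+/* see https://fossil-scm.org/forum/forumpost/0acfdaac80 */;
 }
-if( P("submit")!=0 && P("r")!=0 && P("u")!=0
+if( !isSandbox && P("submit")!=0 && P("r")!=0 && P("u")!=0
 && (goodCaptcha = captcha_is_correct(0))
 ){
 char *zDate;
 Blob cksum;
 Blob body;
 Blob wiki;
-Manifest *pWiki = 0;
 
 blob_zero(&body);
-if( isSandbox ){
-blob_append(&body, db_get("sandbox",""), -1);
-appendRemark(&body, zMimetype);
-db_set("sandbox", blob_str(&body), 0);
-}else{
-login_verify_csrf_secret();
-pWiki = manifest_get(rid, CFTYPE_WIKI, 0);
-if( pWiki ){
-blob_append(&body, pWiki->zWiki, -1);
-manifest_destroy(pWiki);
-}
-blob_zero(&wiki);
-db_begin_transaction();
-zDate = date_in_standard_format("now");
-blob_appendf(&wiki, "D %s\n", zDate);
-blob_appendf(&wiki, "L %F\n", zPageName);
-if( fossil_strcmp(zMimetype, "text/x-fossil-wiki")!=0 ){
-blob_appendf(&wiki, "N %s\n", zMimetype);
-}
-if( rid ){
-char *zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
-blob_appendf(&wiki, "P %s\n", zUuid);
-free(zUuid);
-}
-if( !login_is_nobody() ){
-blob_appendf(&wiki, "U %F\n", login_name());
-}
-appendRemark(&body, zMimetype);
-blob_appendf(&wiki, "W %d\n%s\n", blob_size(&body), blob_str(&body));
-md5sum_blob(&wiki, &cksum);
-blob_appendf(&wiki, "Z %b\n", &cksum);
-blob_reset(&cksum);
-wiki_put(&wiki, rid, wiki_need_moderation(0));
-db_end_transaction(0);
-}
+login_verify_csrf_secret();
+blob_append(&body, pWiki->zWiki, -1);
+blob_zero(&wiki);
+db_begin_transaction();
+zDate = date_in_standard_format("now");
+blob_appendf(&wiki, "D %s\n", zDate);
+blob_appendf(&wiki, "L %F\n", zPageName);
+if( fossil_strcmp(zMimetype, "text/x-fossil-wiki")!=0 ){
+blob_appendf(&wiki, "N %s\n", zMimetype);
+}
+if( rid ){
+char *zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
+blob_appendf(&wiki, "P %s\n", zUuid);
+free(zUuid);
+}
+if( !login_is_nobody() ){
+blob_appendf(&wiki, "U %F\n", login_name());
+}
+appendRemark(&body, zMimetype);
+blob_appendf(&wiki, "W %d\n%s\n", blob_size(&body), blob_str(&body));
+md5sum_blob(&wiki, &cksum);
+blob_appendf(&wiki, "Z %b\n", &cksum);
+blob_reset(&cksum);
+wiki_put(&wiki, rid, wiki_need_moderation(0));
+db_end_transaction(0);
+manifest_destroy(pWiki);
 cgi_redirectf("wiki?name=%T", zPageName);
+return;
 }
-if( P("cancel")!=0 ){
+if( !isSandbox && P("cancel")!=0 ){
+manifest_destroy(pWiki);
 cgi_redirectf("wiki?name=%T", zPageName);
 return;
 }
 style_set_current_page("%T?name=%T", g.zPath, zPageName);
 style_set_current_feature("wiki");
 style_header("Append Comment To: %s", zPageName);
 if( !goodCaptcha ){
 @ <p class="generalError">Error: Incorrect security code.</p>
 }
-if( P("preview")!=0 ){
+if( isSandbox ){
+@ <p class="generalError">Error: the Sandbox page may not
+@ be appended to.</p>
+}
+if( !isSandbox && P("preview")!=0 ){
 Blob preview;
 blob_zero(&preview);
 appendRemark(&preview, zMimetype);
 @ Preview:<hr />
 safe_html_context(DOCSRC_WIKI);
@@ -1705,10 +1705,11 @@
 @ <input type="submit" name="preview" value="Preview Your Comment" />
 @ <input type="submit" name="submit" value="Append Your Changes" />
 @ <input type="submit" name="cancel" value="Cancel" />
 captcha_generate(0);
 @ </form>
+manifest_destroy(pWiki);
 style_finish_page();
 }
 
 /*
 ** WEBPAGE: whistory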
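Review bot: The sandbox refusal at new lines 1679–1682 only prints the error and falls through, so the rest of `wikiappend_page` still runs for the Sandbox page; going by the third hunk, it still emits the Preview/Submit/Cancel buttons and a captcha for a page that can never be appended to. The write path is blocked only because `!isSandbox &&` is repeated in the submit, cancel and preview conditions, a guard that a later branch in this function could easily omit. Ending that block with `style_finish_page();` and `return;` would make the refusal a single exit point; `pWiki` is still 0 on that path, so nothing needs freeing. Lines 1689–1704 of the function lie outside the hunks, so what else the fall-through renders is not visible here. Separately, `zMimetype = wiki_filter_mimetypes(P("mimetype"));` at new line 1611 now appears to be overwritten for every non-sandbox page, so a comment such as `/* request mimetype is ignored; the existing page's type wins */` would record that this is deliberate.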
| --- src/wiki.c | |
| +++ src/wiki.c | |
| @@ -666,11 +666,11 @@ | |
| 666 | /* |
| 667 | ** Given a mimetype, return its common name. |
| 668 | */ |
| 669 | static const char *mimetype_common_name(const char *zMimetype){ |
| 670 | int i; |
| 671 | for(i=4; i>=2; i-=2){ |
| 672 | if( zMimetype && fossil_strcmp(zMimetype, azStyles[i])==0 ){ |
| 673 | return azStyles[i+1]; |
| 674 | } |
| 675 | } |
| 676 | return azStyles[1]; |
| @@ -1592,97 +1592,97 @@ | |
| 1592 | ** Append text to the end of a wiki page. |
| 1593 | */ |
| 1594 | void wikiappend_page(void){ |
| 1595 | char *zTag; |
| 1596 | int rid = 0; |
| 1597 | int isSandbox; |
| 1598 | const char *zPageName; |
| 1599 | const char *zUser; |
| 1600 | const char *zMimetype; |
| 1601 | int goodCaptcha = 1; |
| 1602 | const char *zFormat; |
| 1603 | |
| 1604 | login_check_credentials(); |
| 1605 | zPageName = PD("name",""); |
| 1606 | zMimetype = wiki_filter_mimetypes(P("mimetype")); |
| 1607 | if( check_name(zPageName) ) return; |
| 1608 | isSandbox = is_sandbox(zPageName); |
| 1609 | if( !isSandbox ){ |
| 1610 | zTag = mprintf("wiki-%s", zPageName); |
| 1611 | rid = db_int(0, |
| 1612 | "SELECT rid FROM tagxref" |
| 1613 | " WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)" |
| 1614 | " ORDER BY mtime DESC", zTag |
| 1615 | ); |
| 1616 | free(zTag); |
| 1617 | if( !rid ){ |
| 1618 | fossil_redirect_home(); |
| 1619 | return; |
| 1620 | } |
| 1621 | } |
| 1622 | if( !g.perm.ApndWiki ){ |
| 1623 | login_needed(g.anon.ApndWiki); |
| 1624 | return; |
| 1625 | } |
| 1626 | if( P("submit")!=0 && P("r")!=0 && P("u")!=0 |
| 1627 | && (goodCaptcha = captcha_is_correct(0)) |
| 1628 | ){ |
| 1629 | char *zDate; |
| 1630 | Blob cksum; |
| 1631 | Blob body; |
| 1632 | Blob wiki; |
| 1633 | Manifest *pWiki = 0; |
| 1634 | |
| 1635 | blob_zero(&body); |
| 1636 | if( isSandbox ){ |
| 1637 | blob_append(&body, db_get("sandbox",""), -1); |
| 1638 | appendRemark(&body, zMimetype); |
| 1639 | db_set("sandbox", blob_str(&body), 0); |
| 1640 | }else{ |
| 1641 | login_verify_csrf_secret(); |
| 1642 | pWiki = manifest_get(rid, CFTYPE_WIKI, 0); |
| 1643 | if( pWiki ){ |
| 1644 | blob_append(&body, pWiki->zWiki, -1); |
| 1645 | manifest_destroy(pWiki); |
| 1646 | } |
| 1647 | blob_zero(&wiki); |
| 1648 | db_begin_transaction(); |
| 1649 | zDate = date_in_standard_format("now"); |
| 1650 | blob_appendf(&wiki, "D %s\n", zDate); |
| 1651 | blob_appendf(&wiki, "L %F\n", zPageName); |
| 1652 | if( fossil_strcmp(zMimetype, "text/x-fossil-wiki")!=0 ){ |
| 1653 | blob_appendf(&wiki, "N %s\n", zMimetype); |
| 1654 | } |
| 1655 | if( rid ){ |
| 1656 | char *zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid); |
| 1657 | blob_appendf(&wiki, "P %s\n", zUuid); |
| 1658 | free(zUuid); |
| 1659 | } |
| 1660 | if( !login_is_nobody() ){ |
| 1661 | blob_appendf(&wiki, "U %F\n", login_name()); |
| 1662 | } |
| 1663 | appendRemark(&body, zMimetype); |
| 1664 | blob_appendf(&wiki, "W %d\n%s\n", blob_size(&body), blob_str(&body)); |
| 1665 | md5sum_blob(&wiki, &cksum); |
| 1666 | blob_appendf(&wiki, "Z %b\n", &cksum); |
| 1667 | blob_reset(&cksum); |
| 1668 | wiki_put(&wiki, rid, wiki_need_moderation(0)); |
| 1669 | db_end_transaction(0); |
| 1670 | } |
| 1671 | cgi_redirectf("wiki?name=%T", zPageName); |
| 1672 | } |
| 1673 | if( P("cancel")!=0 ){ |
| 1674 | cgi_redirectf("wiki?name=%T", zPageName); |
| 1675 | return; |
| 1676 | } |
| 1677 | style_set_current_page("%T?name=%T", g.zPath, zPageName); |
| 1678 | style_set_current_feature("wiki"); |
| 1679 | style_header("Append Comment To: %s", zPageName); |
| 1680 | if( !goodCaptcha ){ |
| 1681 | @ <p class="generalError">Error: Incorrect security code.</p> |
| 1682 | } |
| 1683 | if( P("preview")!=0 ){ |
| 1684 | Blob preview; |
| 1685 | blob_zero(&preview); |
| 1686 | appendRemark(&preview, zMimetype); |
| 1687 | @ Preview:<hr /> |
| 1688 | safe_html_context(DOCSRC_WIKI); |
| @@ -1705,10 +1705,11 @@ | |
| 1705 | @ <input type="submit" name="preview" value="Preview Your Comment" /> |
| 1706 | @ <input type="submit" name="submit" value="Append Your Changes" /> |
| 1707 | @ <input type="submit" name="cancel" value="Cancel" /> |
| 1708 | captcha_generate(0); |
| 1709 | @ </form> |
| 1710 | style_finish_page(); |
| 1711 | } |
| 1712 | |
| 1713 | /* |
| 1714 | ** WEBPAGE: whistory |
| 1715 |
| --- src/wiki.c | |
| +++ src/wiki.c | |
| @@ -666,11 +666,11 @@ | |
| 666 | /* |
| 667 | ** Given a mimetype, return its common name. |
| 668 | */ |
| 669 | static const char *mimetype_common_name(const char *zMimetype){ |
| 670 | int i; |
| 671 | for(i=6; i>=0; i-=3){ |
| 672 | if( zMimetype && fossil_strcmp(zMimetype, azStyles[i])==0 ){ |
| 673 | return azStyles[i+1]; |
| 674 | } |
| 675 | } |
| 676 | return azStyles[1]; |
| @@ -1592,97 +1592,97 @@ | |
| 1592 | ** Append text to the end of a wiki page. |
| 1593 | */ |
| 1594 | void wikiappend_page(void){ |
| 1595 | char *zTag; |
| 1596 | int rid = 0; |
| 1597 | const char *zPageName; |
| 1598 | const char *zUser; |
| 1599 | const char *zMimetype; |
| 1600 | int goodCaptcha = 1; |
| 1601 | const char *zFormat; |
| 1602 | Manifest *pWiki = 0; |
| 1603 | int isSandbox; |
| 1604 | |
| 1605 | login_check_credentials(); |
| 1606 | if( !g.perm.ApndWiki ){ |
| 1607 | login_needed(g.anon.ApndWiki); |
| 1608 | return; |
| 1609 | } |
| 1610 | zPageName = PD("name",""); |
| 1611 | zMimetype = wiki_filter_mimetypes(P("mimetype")); |
| 1612 | if( check_name(zPageName) ) return; |
| 1613 | isSandbox = is_sandbox(zPageName); |
| 1614 | if(!isSandbox){ |
| 1615 | zTag = mprintf("wiki-%s", zPageName); |
| 1616 | rid = db_int(0, |
| 1617 | "SELECT rid FROM tagxref" |
| 1618 | " WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)" |
| 1619 | " ORDER BY mtime DESC", zTag |
| 1620 | ); |
| 1621 | free(zTag); |
| 1622 | pWiki = rid ? manifest_get(rid, CFTYPE_WIKI, 0) : 0; |
| 1623 | if( !pWiki ){ |
| 1624 | fossil_redirect_home(); |
| 1625 | return; |
| 1626 | } |
| 1627 | zMimetype = wiki_filter_mimetypes(pWiki->zMimetype) |
| 1628 | /* see https://fossil-scm.org/forum/forumpost/0acfdaac80 */; |
| 1629 | } |
| 1630 | if( !isSandbox && P("submit")!=0 && P("r")!=0 && P("u")!=0 |
| 1631 | && (goodCaptcha = captcha_is_correct(0)) |
| 1632 | ){ |
| 1633 | char *zDate; |
| 1634 | Blob cksum; |
| 1635 | Blob body; |
| 1636 | Blob wiki; |
| 1637 | |
| 1638 | blob_zero(&body); |
| 1639 | login_verify_csrf_secret(); |
| 1640 | blob_append(&body, pWiki->zWiki, -1); |
| 1641 | blob_zero(&wiki); |
| 1642 | db_begin_transaction(); |
| 1643 | zDate = date_in_standard_format("now"); |
| 1644 | blob_appendf(&wiki, "D %s\n", zDate); |
| 1645 | blob_appendf(&wiki, "L %F\n", zPageName); |
| 1646 | if( fossil_strcmp(zMimetype, "text/x-fossil-wiki")!=0 ){ |
| 1647 | blob_appendf(&wiki, "N %s\n", zMimetype); |
| 1648 | } |
| 1649 | if( rid ){ |
| 1650 | char *zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid); |
| 1651 | blob_appendf(&wiki, "P %s\n", zUuid); |
| 1652 | free(zUuid); |
| 1653 | } |
| 1654 | if( !login_is_nobody() ){ |
| 1655 | blob_appendf(&wiki, "U %F\n", login_name()); |
| 1656 | } |
| 1657 | appendRemark(&body, zMimetype); |
| 1658 | blob_appendf(&wiki, "W %d\n%s\n", blob_size(&body), blob_str(&body)); |
| 1659 | md5sum_blob(&wiki, &cksum); |
| 1660 | blob_appendf(&wiki, "Z %b\n", &cksum); |
| 1661 | blob_reset(&cksum); |
| 1662 | wiki_put(&wiki, rid, wiki_need_moderation(0)); |
| 1663 | db_end_transaction(0); |
| 1664 | manifest_destroy(pWiki); |
| 1665 | cgi_redirectf("wiki?name=%T", zPageName); |
| 1666 | return; |
| 1667 | } |
| 1668 | if( !isSandbox && P("cancel")!=0 ){ |
| 1669 | manifest_destroy(pWiki); |
| 1670 | cgi_redirectf("wiki?name=%T", zPageName); |
| 1671 | return; |
| 1672 | } |
| 1673 | style_set_current_page("%T?name=%T", g.zPath, zPageName); |
| 1674 | style_set_current_feature("wiki"); |
| 1675 | style_header("Append Comment To: %s", zPageName); |
| 1676 | if( !goodCaptcha ){ |
| 1677 | @ <p class="generalError">Error: Incorrect security code.</p> |
| 1678 | } |
| 1679 | if( isSandbox ){ |
| 1680 | @ <p class="generalError">Error: the Sandbox page may not |
| 1681 | @ be appended to.</p> |
| 1682 | } |
| 1683 | if( !isSandbox && P("preview")!=0 ){ |
| 1684 | Blob preview; |
| 1685 | blob_zero(&preview); |
| 1686 | appendRemark(&preview, zMimetype); |
| 1687 | @ Preview:<hr /> |
| 1688 | safe_html_context(DOCSRC_WIKI); |
| @@ -1705,10 +1705,11 @@ | |
| 1705 | @ <input type="submit" name="preview" value="Preview Your Comment" /> |
| 1706 | @ <input type="submit" name="submit" value="Append Your Changes" /> |
| 1707 | @ <input type="submit" name="cancel" value="Cancel" /> |
| 1708 | captcha_generate(0); |
| 1709 | @ </form> |
| 1710 | manifest_destroy(pWiki); |
| 1711 | style_finish_page(); |
| 1712 | } |
| 1713 | |
| 1714 | /* |
| 1715 | ** WEBPAGE: whistory |
| 1716 |