Wiki2Go 1.17.5 → 1.22.0

data/lib/Wiki2Go/Wiki2GoConfig.rb

@@ -2,6 +2,7 @@
 
 
 require "Wiki2Go/FileStorage.rb"
+require "Wiki2Go/Install/make_repository.rb"
 require 'fileutils'
 require 'logger'
 
@@ -18,6 +19,9 @@ module Wiki2Go
     attr_accessor :root_directory
     attr_accessor :site_directory
 
+    attr_accessor :user
+    attr_accessor :group
+    
     attr_accessor :generate_html
     attr_accessor :debug
     attr_accessor :multi_wiki
@@ -27,6 +31,16 @@ module Wiki2Go
     attr_accessor :subsite
     attr_accessor :blog_style
     attr_accessor :maximum_urls
+    attr_accessor :pages_in_recent_changes
+    attr_accessor :pages_in_rss
+    attr_accessor :editor
+    attr_accessor :delete_spam
+    # User must submit a checksum of the original page when saving
+    attr_accessor :checksum_required
+    # Salt to make checksum unique and unguessable
+    attr_accessor :checksum_salt
+    # When a document is submitted without a checksum, blacklist the sender (default = false)
+    attr_accessor :blacklist_when_no_checksum
 
     # directory = base directory of the wiki. Current directory by default
     def initialize(directory=nil)
@@ -50,8 +64,25 @@ module Wiki2Go
       @subsite             = ''
       @blog_style    = false
       @maximum_urls  = 5
-
+      
+      @pages_in_recent_changes = 20 
+      @pages_in_rss = 20
+      @editor       = 'wikiedit'
+      @delete_spam  = false
+      
+      @checksum_required = false
+      @checksum_salt = '^$%wiki#§}'
+      @blacklist_when_no_checksum = false
+      
       @logger = nil
+
+      @user  = nil
+      @group = nil
+      
+      @banned_users = nil
+      @banned_urls = nil
+      @chonqed_urls = nil
+      @greylist = nil 
     end  
 
     # return current Storage object.
@@ -68,6 +99,26 @@ module Wiki2Go
       @logger
     end
 
+    def banned_users
+      @banned_users ||= storage.load_blacklist('user')
+      @banned_users
+    end    
+
+    def banned_urls
+      @banned_urls ||= storage.load_blacklist('url',true)
+      @banned_urls
+    end
+
+    def chonqed_urls
+      @chonqed_urls ||= storage.load_blacklist('chonqed')
+      @chonqed_urls
+    end
+
+    def greylist
+      @greylist ||= storage.load_greylist
+      @greylist
+    end
+    
     # Discard configuration. Closes logger object, if present
     def close
       @logger.close unless @logger.nil? 
@@ -126,8 +177,38 @@ module Wiki2Go
       true
     end
 
+    # Check if we want to accept calls from the user before doing anything
+    # web:: a Web object describing the request
+    # true by default, subclasses can override
+    def accept_user?(web)
+      true
+    end
+    
+    # Check if the edit is correct (not by a spammer, no editing clash)
+    # old_page:: the page as it is on disk
+    # checksum:: the checksum submitted with the edit
+    def accept_edit?(web,old_page,checksum)
+      checksum = checksum.strip
+      if @checksum_required then
+        check = old_page.checksum(@checksum_salt)
+        if check != checksum then
+          author   = web.user
+          pagename = web.name.length > 0 ? "#{web.name}/#{web.current_page}" : web.current_page 
+
+          log("User #{author} gave wrong checksum when editing '#{pagename}': #{checksum} vs #{check}.")
+        end
+        return check == checksum
+      end
+      true
+    end
+    
+    # Add the spammer IP address to the blacklist
+    def blacklist_user(spammer)
+      
+    end
+    
     def redirect_to_html?(web)
-      @generate_html && !web.secure
+      @generate_html && !web.secure?
     end
 
     def add_processor(type,proc)
@@ -180,7 +261,7 @@ module Wiki2Go
       require 'Wiki2Go/Install/make_repository'
 
       def update_from_repository
-        cvs = RepositoryMaker.new(@root,logger)
+        cvs = Wiki2Go::RepositoryMaker.new(@root,logger)
         updated,clashed = cvs.update(@root_directory,@modulename)
         log("UPDATE: Updated files : #{updated.join(', ')}")
         log("UPDATE: Clashed files : #{clashed.join(', ')}")
@@ -188,14 +269,14 @@ module Wiki2Go
       end
 
       def commit_to_repository(comment='No Comment')
-        cvs = RepositoryMaker.new(@root,logger)
+        cvs = Wiki2Go::RepositoryMaker.new(@root,logger)
         report = cvs.add_wiki(@root_directory,@modulename,comment)
         log("COMMIT: #{report.join}")
         return report
       end
 
       def instant_commit_to_repository(comment='No Comment')
-        cvs = RepositoryMaker.new(@root,logger)
+        cvs = Wiki2Go::RepositoryMaker.new(@root,logger)
         if cvs.is_local?(@root_directory,@modulename) then
           report = cvs.add_wiki(@root_directory,@modulename,comment)
           log("COMMIT: #{report.join}")
@@ -229,7 +310,7 @@ module Wiki2Go
     def make_logger
       dir = File.dirname(logfile)
       FileUtils::mkdir_p(dir, { :mode => 0775 }) unless File.exists?(dir)
-      @logger = Logger.new(logfile, 10, 64000)
+      @logger = Logger.new(logfile, 10, 256000)
       @logger.datetime_format = "%Y-%m-%d %H:%M:%S"
       @logger
     end

data/lib/Wiki2Go/Wiki2GoServlet.rb

@@ -20,14 +20,17 @@ module Wiki2Go
       result
     end
 
-    def perform_view(req,res,wikiweb)
+    def perform_view(req,res,web)
       wiki = Wiki2Go::Wiki.new(@config)
 
+      version = -1
+      version = web.request.parameter('version',-1).to_i unless web.request.nil?
+ 
       res.content_type = 'text/html'
-      if @config.allow_dynamic_pages && wikiweb.current_page =~ /\.rbl$/i then
-        res.body = wiki.perform(wikiweb,req)
+      if @config.allow_dynamic_pages && web.current_page =~ /\.rbl$/i then
+        res.body = wiki.perform(web,req)
       else
-        res.body = wiki.view(wikiweb)
+        res.body = wiki.view(web,version)
       end
       true
     end
@@ -39,15 +42,46 @@ module Wiki2Go
       res.body = wiki.perform(wikiweb,req)
       true
     end
+        
+    def perform_diff(req,res,wikiweb)
+      from = -1
+      from = wikiweb.request.parameter('from',-1).to_i unless wikiweb.request.nil?
+            
+      to = -1
+      to = wikiweb.request.parameter('to',-1).to_i unless wikiweb.request.nil?
+            
+      wiki = Wiki2Go::Wiki.new(@config)
+            
+      res.content_type = 'text/html'
+      res.body = wiki.diff(wikiweb,from,to)
+      true
+    end
 
+    def perform_sidebyside(req,res,wikiweb)
+      from = -1
+      from = wikiweb.request.parameter('from',-1).to_i unless wikiweb.request.nil?
+            
+      to = -1
+      to = wikiweb.request.parameter('to',-1).to_i unless wikiweb.request.nil?
+            
+      wiki = Wiki2Go::Wiki.new(@config)
+            
+      res.content_type = 'text/html'
+      res.body = wiki.sidebyside(wikiweb,from,to)
+      true
+    end
+        
     def perform_save(req,res,wikiweb)
 
+      return false if req.request_method != 'POST'
+
       content = req.parameter('text','')
       name    = req.parameter('title',wikiweb.current_page)
       author = req.parameter('author') 
       remember_me = req.parameter('remember_me')
-
-      if !author.nil? && author.length > 0 then # !wikiweb.secure && 
+      checksum = req.parameter('iznorobot','')
+      
+      if !author.nil? && author.length > 0 then # !wikiweb.secure? && 
         wikiweb.alias = author
         timeout = Time.now + 7 * 24 * 3600
         res.add_cookie(USER_COOKIE,author,nil,'/',timeout) unless remember_me.nil?
@@ -57,7 +91,7 @@ module Wiki2Go
 
       wikiweb.title = name
 
-      redirect_to = wiki.save(wikiweb,content) 
+      redirect_to = wiki.save(wikiweb,content,checksum) 
       res.redirect_to = redirect_to
       res.content_type = "text/html"
       res.body = "Redirect to #{redirect_to}"
@@ -98,6 +132,14 @@ module Wiki2Go
       true
     end
 
+    def perform_wikiedit(req,res,wikiweb)
+      wiki = Wiki2Go::Wiki.new(@config)
+
+      res.content_type = "text/html"
+      res.body = wiki.wikiedit(wikiweb)
+      true
+    end
+
     def perform_redirect(req,res,wikiweb)
       redirect_to = req.parameter('url')
 
@@ -128,8 +170,11 @@ module Wiki2Go
         wiki.blacklist(user)
       end
 
+      redirect_to = wiki.remove_spam(wikiweb) 
+      res.redirect_to = redirect_to
       res.content_type = "text/html"
-      res.body = wiki.remove_spam(wikiweb)
+      res.body = "Redirect to #{redirect_to}"
+      @config.log("Remove spam done. Redirecting to #{redirect_to}")
       true
     end
 
@@ -175,6 +220,11 @@ module Wiki2Go
 
     def execute_command(req,res)
       wikiweb = Wiki2Go::Web.from_request(req,@config)
+      if !@config.accept_user?(wikiweb) then
+        res.failed
+        return false
+      end
+      
       command = wikiweb.verb
       begin
         if command =~ /^([^\.]+)\./ then
@@ -191,18 +241,19 @@ module Wiki2Go
           end
         end
       end
+      
       return false
     end
 
     def perform(method,req,res,wikiweb)
-      @config.log(">> #{method} #{req.cookies.inspect}")
+      @config.log(">> #{method}(#{wikiweb.name},#{wikiweb.current_page}) #{req.cookies.inspect}")
       start_time = Time.now.to_f
       begin
         cookie = req.cookie(USER_COOKIE)
-
+        
         author = cookie.value.to_s unless cookie.nil?
 
-        if !author.nil? && author.length > 0 then #  !wikiweb.secure &&
+        if !author.nil? && author.length > 0 then #  !wikiweb.secure? &&
           wikiweb.alias = author
         end
 
@@ -210,9 +261,12 @@ module Wiki2Go
         return result
       rescue WEBrick::HTTPStatus::Redirect => redirect then
         raise redirect
+      rescue Wiki2Go::SpamException then
+        res.failed
+        return false
       rescue Exception => e then
         @config.errorlog("Caught exception in #{method}: #{e.inspect}" + $/ + "Stack: #{$@}")
-        redirect_url = "#{wikiweb.base_url}error.html"
+        redirect_url = wikiweb.error_page
 
         res.redirect_to = redirect_url
         res.body = "redirect to view <a href=\"#{redirect_url}\">view</a><br>"

data/lib/Wiki2Go/WikiFormatter.rb

@@ -17,6 +17,8 @@ module Wiki2Go
     attr_reader :searchtopic
     attr_reader :config
     attr_accessor :title
+    attr_reader :from
+    attr_reader :to
 
     def initialize(config,formatter,text,page,web,pages,searchtopic,title)
       @config = config
@@ -26,7 +28,19 @@ module Wiki2Go
       @text = text
       @pages = pages
       @searchtopic = searchtopic
-      @title = title 
+      @title = title
+      @from = -1
+      @to = -1  
+    end
+    
+    def versions(from,to)
+        if to > 0 then
+            @to = to
+            @from = from
+        else
+            @from = -1 
+            @to = -1
+        end 
     end
   end
 
@@ -38,11 +52,12 @@ module Wiki2Go
 
     public
 
-    def format_page_in_template(template,page) 
+    def format_page_in_template(template,page,version=-1) 
       formatted_page = format_page(page.content)
       template = splice_variable_values(template,page,formatted_page)
       erb = ERB.new(template)
       context = PageContext.new(@config,self,formatted_page,page,@web,nil,nil,nil)
+      context.versions(version-1,version)
       template = evaluate(erb,context)
       return template
     end
@@ -56,7 +71,7 @@ module Wiki2Go
     end
 
     def put_page_in_template(template,page) 
-      formatted_page = page.content.gsub(/&/n, '&amp;').gsub(/\"/n, '&quot;').gsub(/>/n, '&gt;').gsub(/</n, '&lt;')
+      formatted_page = CGI::escapeHTML(page.content)
 
       template = splice_variable_values(template,page,formatted_page)
       erb = ERB.new(template)
@@ -65,6 +80,17 @@ module Wiki2Go
       return template
     end
 
+     def dump_page_in_template(template,page,from,to) 
+      formatted_page = page.content
+
+      template = splice_variable_values(template,page,formatted_page)
+      erb = ERB.new(template)
+      context = PageContext.new(@config,self,formatted_page,page,@web,nil,nil,nil)
+      context.versions(from,to)
+      template = evaluate(erb,context)
+      return template
+    end
+
     def format_page(content)
       result = format_page_content(content)
       result += formatting_done
@@ -73,41 +99,45 @@ module Wiki2Go
 
 
     def generate_rss(template,changes)
-
-      # RSS must contain absolute URLs because some feedreaders don't honor the relative
-      #  URLs to the content of the <link> tag
-      old_absolute_urls = @absolute_urls 
-      @absolute_urls = true
-      
-      template_after_items = <<-END_OF_AFTER_ITEMS_XML
+    
+        # RSS must contain absolute URLs because some feedreaders don't honor the relative
+        #  URLs to the content of the <link> tag
+        old_absolute_urls = @absolute_urls 
+        @absolute_urls = true
+        
+        template_after_items = <<-END_OF_AFTER_ITEMS_XML
       </channel>
       </rss>
       END_OF_AFTER_ITEMS_XML
-
-      items = ""
-
-      changes.each do |page| 
-        items = items + <<-END_OF_ITEMS
+      
+        items = ""
+        
+        changes.each do |page| 
+            items = items + <<-END_OF_ITEMS
         <item>
         <title>#{CGI::escapeHTML(page.name)}</title>
         <author>#{page.alias}</author>
         <pubDate>#{@config.blog_style ? page.created_on.strftime("%d %B %Y %H:%M GMT") : page.lastmodified.strftime("%d %B %Y %H:%M GMT")}</pubDate>
         <link>#{absolute_url_of_topic(page.filename)}</link>
-        <guid isPermaLink="true">#{@web.name}/#{page.filename}</guid>
-        <description><![CDATA[#{format_page(page.content).strip}]]></description>
-        </item>
+        <guid isPermaLink="true">#{absolute_url_of_topic(page.filename)}</guid>
         END_OF_ITEMS
-      end
-
-      template = template + items + template_after_items
-
-      # We're using hard coded GMT, because %Z returns something strange
-      time = Time.new.gmtime.strftime("%d %B %Y %H:%M GMT")
-      template.gsub!(/\$DATE\$/, time)
-      template = splice_web_values(template)
-
-      @absolute_urls = old_absolute_urls
-      return template
+        
+            if !Page.is_dynamic?(page.filename) then
+                items += "<description><![CDATA[#{format_page(page.content).strip}]]></description>\n"
+            end
+            items += "</item>\n"
+            
+        end
+        
+        template = template + items + template_after_items
+        
+        # We're using hard coded GMT, because %Z returns something strange
+        time = Time.new.gmtime.strftime("%d %B %Y %H:%M GMT")
+        template.gsub!(/\$DATE\$/, time)
+        template = splice_web_values(template)
+        
+        @absolute_urls = old_absolute_urls
+        return template
     end
 
     def generate_rss_from_log(log)
@@ -143,7 +173,7 @@ END_OF_HEADER
         <link>#{File.join(@web.base_url,'scripts/secure/admin/show_log')}</link>
         <author>Wiki2Go</author>
         <pubDate>#{parse_log_date(datetime).strftime("%d %B %Y %H:%M GMT")}</pubDate>
-        <description><![CDATA[#{message}]]></description>
+        <description><![CDATA[#{CGI::escapeHTML(message)}]]></description>
         </item>
         END_OF_ITEMS
       end