Wiki2Go 1.17.5 → 1.22.0

data/lib/Wiki2Go/Page.rb

@@ -1,3 +1,5 @@
+require "digest/sha2"
+
 module Wiki2Go
   
   # Represents one page in the Wiki
@@ -6,7 +8,7 @@ module Wiki2Go
     # Name of the file
     attr_reader :filename
     # Descriptive name given by author
-    attr_reader :name
+    attr_accessor :name
     # Real author (if authenticated) or IP/DNS address
     attr_accessor :author
     # Authorname given by author
@@ -35,7 +37,7 @@ module Wiki2Go
         @lines = lines
       end
       @lastmodified = time
-      @created_on      = time
+      @created_on   = time
       
       @author = author
       @alias  = aliasname || author
@@ -91,9 +93,15 @@ module Wiki2Go
 
     # Content as a String
     def content
-      return @lines.join
+      return @lines.join($/)
     end
 
+    # Checksum based on content, author, document name and author alias
+    # Returns String with hex digest
+    def checksum(salt="")
+      Digest::SHA256.hexdigest("#{salt}#{content}--#{author}--#{name}--#{self.alias}")
+    end
+    
     # DEPRECATED use filename instead
     def title
       @filename
@@ -104,6 +112,11 @@ module Wiki2Go
       @filename = name
     end
 
+    # Does this page contain dynamic (Rublet) content?
+    def is_dynamic?
+      Page.is_dynamic?(@filename)
+    end
+    
     # Does filename indicate that page should be executed (Rublet)?
     def Page.is_dynamic?(pagename)
       pagename =~ /\.rbl$/

data/lib/Wiki2Go/PrivateWikiConfig.rb

@@ -38,10 +38,10 @@ module Wiki2Go
   end
 end
 
-class PrivateWikiConfig < Wiki2Go::PrivateWikiConfig
-  def initialize(directory)
-    super(directory)
-  end
-end
+#class PrivateWikiConfig < Wiki2Go::PrivateWikiConfig
+  #def initialize(directory)
+    #super(directory)
+  #end
+#end
 
 

data/lib/Wiki2Go/PublicWikiConfig.rb

@@ -8,86 +8,132 @@ require 'Wiki2Go/SpamFilter'
 module Wiki2Go
   # Base class for public wiki
   class PublicWikiConfig < Wiki2Go::Config
-
+  
     # Initialize with root directory of wiki
-    # By default, generates HTML
+    # By default, generates HTML and filters SPAM
     def initialize(directory)
       super(directory)
       @generate_html = true 
+      @delete_spam   = true
       @spamfilter = Wiki2Go::SpamFilter.new(self)
-
     end  
-
+    
+    # Accept a call from the user if they are not blacklisted
+    def accept_user?(web)
+      return true if web.secure?
+      
+      author   = web.user
+      pagename = web.name.length > 0 ? "#{web.name}/#{web.current_page}" : web.current_page 
+      if @spamfilter.edit_by_banned_user?(author) then
+        log("User #{author} is blacklisted while editing '#{pagename}'.")
+        return false
+      end
+      return true
+    end
+    
+    # Add the spammer IP address to the blacklist
+    def blacklist_user(spammer)
+      @spamfilter.blacklist_user(spammer)
+    end
+    
     # Accept a page save if
     #    * The edit is by an authenticated user
     #    * OR the user is not on the blacklist and none of the URLs on the page are on the blacklist and no more than 5 urls added
+    #    * AND no hidden style in tags    
+    #    * AND page not erased
     def accept_page?(web,content)    
-
-      return true if web.secure
-
-      author = web.user
-
+    
+      return true if web.secure?
+      
+      author   = web.user
+      pagename = web.name.length > 0 ? "#{web.name}/#{web.current_page}" : web.current_page 
+      
+      if @spamfilter.hidden_text_in(content) then 
+        blacklist_user(author)
+        
+        log(content)
+        errorlog("User used hidden style in tags of '#{pagename}': Blacklisted user #{author}")
+        
+        tarpit
+        return false
+      elsif @spamfilter.cleared_page?(content) then
+        @spamfilter.greylist_urls(author,[])
+        log(content)
+        errorlog("User erased page '#{pagename}': Greylisted user #{author}")
+        
+        tarpit
+        return false
+      elsif @spamfilter.empty_urls_in(content) then
+        blacklist_user(author)
+        
+        log(content)
+        errorlog("User used empty URL hrefs in '#{pagename}': Blacklisted user #{author}")
+        
+        tarpit
+        return false
+      end
+      
       current_page = storage.load_page(web.name,web.current_page)
       urls = @spamfilter.added_urls(current_page.content,content)
-
-      if urls.length > @maximum_urls then 
-        @spamfilter.blacklist_user(author)
+      
+      if @spamfilter.edit_by_banned_user?(author) then 
         @spamfilter.blacklist_urls(urls)
-
-        errorlog("User added too many URLS: #{urls.length}. Blacklisted user #{author} and #{urls.join(', ')}")
-
-        tarpit
+        
+        log("User #{author} is blacklisted while editing '#{pagename}'.  Blacklisting #{urls.join(', ')}")
+        
+        # tarpit
         return false
-      elsif @spamfilter.edit_by_banned_user?(author) then 
+      elsif urls.length > @maximum_urls then 
+        blacklist_user(author)
         @spamfilter.blacklist_urls(urls)
-
-        errorlog("User #{author} is blacklisted.  Blacklisting #{urls.join(', ')}")
-
+        
+        errorlog("User added too many URLS to '#{pagename}': #{urls.length}. Blacklisted user #{author} and #{urls.join(', ')}")
+        
         tarpit
         return false
       elsif urls.length >0 && @spamfilter.edit_contains_banned_url?(urls) then
-
-        @spamfilter.blacklist_user(author)
+      
+        blacklist_user(author)
         @spamfilter.blacklist_urls(urls)
-
-        errorlog("Edit by user #{author} contains blacklisted url. Blacklisting #{urls.join(', ')}")
-
+        
+        errorlog("Edit by user #{author} of page '#{pagename}' contains blacklisted url. Blacklisting #{urls.join(', ')}")
+        
         tarpit
         return false
       else
         if urls.length > 0 then
           @spamfilter.greylist_urls(author,urls)
-          errorlog("Greylisted user #{author} because of the following urls: #{urls}")
+          errorlog("Greylisted user #{author} while editing '#{pagename}' because of the following urls: #{urls.join(', ')}")
         end
         return true
       end
     end
-
+    
     # What to do when we encounter a spammer? Delay him for 60 seconds
     def tarpit
       sleep(60)
     end
-
+    
     # A public wiki is always editable
     def editable?(web)
       true
     end
-
+    
     # Redirect if the url is on the greylist, unless the user is authenticated
     def redirect_url?(web,url)
-      return false if web.secure
-
+      return false if web.secure?
+      
       redirect = @spamfilter.greylisted_url?(url)
       log("Redirect #{url}") if redirect
       return redirect
     end
-
+    
   end
 end
 
-class PublicWikiConfig < Wiki2Go::PublicWikiConfig
+#class PublicWikiConfig < Wiki2Go::PublicWikiConfig
 
-  def initialize(directory)
-    super(directory)
-  end
-end  
+#def initialize(directory)
+#super(directory)
+#end
+#end  

data/lib/Wiki2Go/ReadWriteWikiConfig.rb

@@ -4,8 +4,8 @@ require "Wiki2Go/FileStorage.rb"
 require "Wiki2Go/Wiki2GoConfig.rb"
 
 module Wiki2Go
-    # Base class for read/write wikis (authenticated users can write, everybody can read)
-    class ReadWriteWikiConfig < Wiki2Go::Config
+  # Base class for read/write wikis (authenticated users can write, everybody can read)
+  class ReadWriteWikiConfig < Wiki2Go::Config
 
     def initialize(directory)
       super(directory)
@@ -14,7 +14,7 @@ module Wiki2Go
 
     # Wiki is editable if user is authenticated
     def editable?(web)
-      web.secure
+      web.secure?
     end
 
     # Never redirect URLs, we trust our authenticated writers
@@ -25,10 +25,10 @@ module Wiki2Go
   end
 end
 
-class ReadWriteWikiConfig < Wiki2Go::ReadWriteWikiConfig
+#class ReadWriteWikiConfig < Wiki2Go::ReadWriteWikiConfig
 
-  def initialize(directory)
-    super(directory)
-  end  
-end
+  #def initialize(directory)
+    #super(directory)
+  #end  
+#end
 

data/lib/Wiki2Go/Server.rb

@@ -24,6 +24,7 @@ module Wiki2Go
       @generate_html = false
       @multi_wiki    = true
       @debug         = true
+      @editor        = 'wikiedit'
       add_processor('GRAPH',Wiki2Go::DotGraphics.new('c:/Program Files/ATT/Graphviz/bin/'))
       enable_syntax_highlighting
     end
@@ -50,7 +51,7 @@ module Wiki2Go
       cvsroot = ''
       blogstyle = false
 
-      opts.on("-d",'--dir <directory>','(default is current directory)',String) { |val| dir = val }
+      opts.on("-d",'--dir <directory>','(default is current directory)',String) { |val| dir = File.expand_path(val) }
       opts.on("-p",'--port <nb>',"(default is port 8081)",String) { |val| port = val }
       opts.on("-w",'--wiki <wikiname>',"(default is 'Wiki2Go')",String) { |val| wiki = val }
       opts.on("-s","--single","Single or multi-wiki (default)") { |val| single = true }
@@ -64,6 +65,8 @@ module Wiki2Go
       end
       opts.parse(args)
 
+      # TODO : read CgiOptions.rb (if present) and reuse what's available
+
       @config = LocalConfig.new(dir)
       @config.port = port
       @config.default_web = wiki
@@ -84,6 +87,8 @@ module Wiki2Go
         web_thread = Thread.new(@config) do |config|
           s = WEBrick::HTTPServer.new( :Port => config.port)
 
+          s.mount("/scripts/", WikiServlet,config)
+          s.mount("/scripts/secure/", WikiServlet,config)
           s.mount("/", WikiServlet,config)
 
           trap("INT"){ s.shutdown }

data/lib/Wiki2Go/SpamFilter.rb

@@ -11,16 +11,14 @@ module Wiki2Go
     end
 
     def edit_by_banned_user?(author)
-      @config.log("Checking if '#{author}' is banned") 
-      banned = banned_users.contains(author)
-      @config.log("Checking if '#{author}' is banned. Done.")
+      banned = @config.banned_users.contains(author)
+      @config.log("Checking if '#{author}' is banned=> #{banned}")
       banned 
     end
 
     def edit_contains_banned_url?(content)
-      @config.log("Checking if '#{content}' is banned") 
-      banned = banned_urls.found_in(content) || chonqed_urls.found_in(content)
-      @config.log("Checking if '#{content}' is banned. Done")
+      banned = @config.banned_urls.found_in(content) || @config.chonqed_urls.found_in(content)
+      @config.log("Checking if '#{content}' is banned => #{banned}")
       banned 
     end
 
@@ -28,6 +26,12 @@ module Wiki2Go
       return added_urls(original_content,modified_content).size > max_new_urls
     end
 
+    # Some idiot spams the xp.be wiki with loads of <a href="  "> tags
+    def empty_urls_in(content)
+      refs = content.scan(/href="(\s+)"/)
+      refs.length > 0
+    end
+    
     def added_urls(original_content, modified_content)
       url_finder = Wiki2Go::UrlFinder.new
 
@@ -38,27 +42,21 @@ module Wiki2Go
     end
 
     def blacklist_user(author)
-      bad_users = banned_users
+      bad_users = @config.banned_users
       bad_users.add(author)
       @config.storage.save_list(bad_users)
     end
 
     def blacklist_url(url)
-      banned_urls.add(url)
-      @config.storage.save_list(banned_urls)
+      @config.banned_urls.add(url)
+      @config.storage.save_list(@config.banned_urls)
     end
 
     def blacklist_urls(urls)
       urls.each do |url|
-        banned_urls.add(url)
+        @config.banned_urls.add(url)
       end
-      @config.storage.save_list(banned_urls)
-    end
-
-    def blacklist_user_and_urls_added(author,original,new_content)
-      blacklist_user(author)
-      new_urls = added_urls(original,new_content)
-      blacklist_urls(new_urls)
+      @config.storage.save_list(@config.banned_urls)
     end
 
     def greylist_new_urls(author,original,new_content)
@@ -68,7 +66,7 @@ module Wiki2Go
 
     def greylist_urls(author,new_urls)
       if new_urls.length > 0 then    
-        list = greylist
+        list = @config.greylist
         new_urls.each do |url|
           list.add(author,url)
         end
@@ -77,16 +75,16 @@ module Wiki2Go
     end
 
     def greylisted_url?(url)
-      greylist.contains_url?(url)
+      @config.greylist.contains_url?(url)
     end
 
     def greylist_suspects
-      greylist.suspects
+      @config.greylist.suspects
     end
 
     def remove_from_greylist(author,url)
-      greylist.remove(author,url)
-      @config.storage.save_list(greylist)
+      @config.greylist.remove(author,url)
+      @config.storage.save_list(@config.greylist)
     end
 
     def update_chongqed
@@ -100,28 +98,21 @@ module Wiki2Go
       end
       output
     end
-
-    private
-
-    def banned_users
-      @banned_users ||= @config.storage.load_blacklist('user')
-      @banned_users
-    end    
-
-    def banned_urls
-      @banned_urls ||= @config.storage.load_blacklist('url')
-      @banned_urls
+    
+    # Verify if a spammer tries to obfuscate his crap by using inline hidden styles
+    # content = HTML text to examine
+    def hidden_text_in(content)
+      content =~ /<(\S[^>]*style\s*=\s*"[^"]*display\s*:\s*none[^>]*)>/i
     end
-
-    def chonqed_urls
-      @chonqed_urls ||= @config.storage.load_blacklist('chonqed')
-      @chonqed_urls
+    
+    # Detect when a non-authenticated user tries to clear a page
+    def cleared_page?(content)
+      content !~ /\S/
     end
 
-    def greylist
-      @greylist ||= @config.storage.load_greylist
-      @greylist
-    end
+    private
+
+ 
 
   end
 end

data/lib/Wiki2Go/Web.rb

@@ -53,9 +53,11 @@ module Wiki2Go
       @request.nil? ? 'unknown' : @request.user
     end
 
-    def secure
-      @request.nil? ? false : @request.authenticated
-    end
+    def secure?
+      @request.nil? ? false : @request.authenticated?
+  end
+
+  alias :secure :secure?
 
     def alias=(name)
       @alias = name
@@ -91,6 +93,11 @@ module Wiki2Go
         File.join(@name,@current_page)
       end
     end
+    
+    # The URL of the static error page
+    def error_page
+      File.join(base_url,'error.html')
+    end
 
     def Web.page_url(server,port,url,verb,config)
       before,verb,web,page = Web.parse_url(url,verb,config)