X-Git-Url: https://scripts.mit.edu/gitweb/www/ikiwiki.git/blobdiff_plain/03d7f84f28aaac46bd7cfc616a995402e89cc4cc..9776bbf8532d0a952e907c160dc31ce27c0d08e5:/IkiWiki/Plugin/attachment.pm diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm index ef6d79a9c..c6711aa05 100644 --- a/IkiWiki/Plugin/attachment.pm +++ b/IkiWiki/Plugin/attachment.pm @@ -11,6 +11,40 @@ sub import { #{{{ hook(type => "formbuilder", id => "attachment", call => \&formbuilder); } # }}} +sub check_canattach ($$;$) { + my $session=shift; + my $dest=shift; # where it's going to be put, under the srcdir + my $file=shift; # the path to the attachment currently + + # Don't allow an attachment to be uploaded with the same name as an + # existing page. + if (exists $pagesources{$dest} && $pagesources{$dest} ne $dest) { + error(sprintf(gettext("there is already a page named %s"), $dest)); + } + + # Use a special pagespec to test that the attachment is valid. + my $allowed=1; + foreach my $admin (@{$config{adminuser}}) { + my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments"); + if (defined $allowed_attachments && + length $allowed_attachments) { + $allowed=pagespec_match($dest, + $allowed_attachments, + file => $file, + user => $session->param("name"), + ip => $ENV{REMOTE_ADDR}, + ); + last if $allowed; + } + } + if (! $allowed) { + error(gettext("prohibited by allowed_attachments")." ($allowed)"); + } + else { + return 1; + } +} + sub checkconfig () { #{{{ $config{cgi_disable_uploads}=0; } #}}} @@ -113,25 +147,8 @@ sub formbuilder (@) { #{{{ # Check that the user is allowed to edit a page with the # name of the attachment. IkiWiki::check_canedit($filename, $q, $session, 1); - - # Use a special pagespec to test that the attachment is valid. - my $allowed=1; - foreach my $admin (@{$config{adminuser}}) { - my $allowed_attachments=IkiWiki::userinfo_get($admin, "allowed_attachments"); - if (defined $allowed_attachments && - length $allowed_attachments) { - $allowed=pagespec_match($filename, - $allowed_attachments, - file => $tempfile, - user => $session->param("name"), - ip => $ENV{REMOTE_ADDR}, - ); - last if $allowed; - } - } - if (! $allowed) { - error(gettext("attachment rejected")." ($allowed)"); - } + # And that the attachment itself is acceptable. + check_canattach($session, $filename, $tempfile); # Needed for fast_file_copy and for rendering below. require IkiWiki::Render; @@ -386,6 +403,9 @@ sub match_virusfree ($$;@) { #{{{ waitpid $pid, 0; $SIG{PIPE}="DEFAULT"; if ($sigpipe || $?) { + if (! length $reason) { + $reason="virus checker $IkiWiki::config{virus_checker}; failed with no output"; + } return IkiWiki::FailReason->new("file seems to contain a virus ($reason)"); } else { @@ -416,6 +436,9 @@ sub match_user ($$;@) { #{{{ if (defined $params{user} && lc $params{user} eq lc $user) { return IkiWiki::SuccessReason->new("user is $user"); } + elsif (! defined $params{user}) { + return IkiWiki::FailReason->new("not logged in"); + } else { return IkiWiki::FailReason->new("user is $params{user}, not $user"); }