Item11433: check access rights before extracting the TopicTitle

git-svn-id: http://svn.foswiki.org/trunk/NatSkinPlugin@14081 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Feb 24, 2012 · 46af213 · 46af213
1 parent de98e97
commit 46af213
Show file tree

Hide file tree

Showing 15 changed files with 30 additions and 18 deletions.
diff --git a/bin/natsearch b/bin/natsearch
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 # Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2003-2010 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 Michael Daum http://michaeldaumconsulting.com
 # 
 # based on photonsearch
 # Copyright (C) 2001 Esteban Manchado Velázquez, zoso@foton.es

diff --git a/data/System/NatSkinPlugin.txt b/data/System/NatSkinPlugin.txt
@@ -201,7 +201,7 @@ See NatSkin#Installation_Instructions
    * Set SHORTDESCRIPTION = Theming engine for NatSkin
 -->
 |  Plugin Author: | Michael Daum |
-|  Copyright &copy;: | 2003-2010, Michael Daum http://michaeldaumconsulting.com |
+|  Copyright &copy;: | 2003-2012, Michael Daum http://michaeldaumconsulting.com |
 |  License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) |
 |  Release: | %$RELEASE% |
 |  Version: | %$VERSION% |

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin.pm b/lib/Foswiki/Plugins/NatSkinPlugin.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/ContentType.pm b/lib/Foswiki/Plugins/NatSkinPlugin/ContentType.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/DEPENDENCIES b/lib/Foswiki/Plugins/NatSkinPlugin/DEPENDENCIES
@@ -10,6 +10,7 @@ Foswiki::Plugins::NatEditPlugin,>=1993,perl,Required
 Foswiki::Plugins::RenderPlugin,>=3644,perl,Required
 Foswiki::Plugins::SetVariablePlugin,>=4287,perl,Required
 Foswiki::Plugins::TopicInteractionPlugin,>=1340,perl,Required
+Foswiki::Plugins::ImagePlugin,>=2.40,perl,Required
 Foswiki::Plugins::WebLinkPlugin,>=1,perl,Optional
 ONLYIF ( $Foswiki::Plugins::VERSION < 2.1)
 Foswiki::Plugins::ZonePlugin,>=3.1,perl,Required. required for Foswiki < 1.1
diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/ExternalLink.pm b/lib/Foswiki/Plugins/NatSkinPlugin/ExternalLink.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/HtmlTitle.pm b/lib/Foswiki/Plugins/NatSkinPlugin/HtmlTitle.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2011 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -72,7 +72,13 @@ sub getTopicTitle {
 
   #print STDERR "using foswiki core means\n";
 
-  my ($meta, undef) = Foswiki::Func::readTopic($web, $topic);
+  my ($meta, $text) = Foswiki::Func::readTopic($web, $topic);
+
+  if ($Foswiki::cfg{SecureTopicTitles}) {
+    my $wikiName = Foswiki::Func::getWikiName();
+    return $topic
+      unless Foswiki::Func::checkAccessPermission('VIEW', $wikiName, $text, $topic, $web, $meta);
+  }
 
   # read the formfield value
   my $title = $meta->get('FIELD', 'TopicTitle');

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/Revisions.pm b/lib/Foswiki/Plugins/NatSkinPlugin/Revisions.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/Search.pm b/lib/Foswiki/Plugins/NatSkinPlugin/Search.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # Plugin for Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # Based on photonsearch
 # Copyright (C) 2001 Esteban Manchado Velázquez, zoso@foton.es

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/ThemeEngine.pm b/lib/Foswiki/Plugins/NatSkinPlugin/ThemeEngine.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2011 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -394,6 +394,7 @@ sub run {
       }
       push @newSkin, $item;
     }
+
     my $newSkin = join(', ', @newSkin);
 
     writeDebug("old skin=$skin, newSkin=$newSkin");

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/UserActions.pm b/lib/Foswiki/Plugins/NatSkinPlugin/UserActions.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2011 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/Utils.pm b/lib/Foswiki/Plugins/NatSkinPlugin/Utils.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/WebComponent.pm b/lib/Foswiki/Plugins/NatSkinPlugin/WebComponent.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2011 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/WebLink.pm b/lib/Foswiki/Plugins/NatSkinPlugin/WebLink.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

diff --git a/lib/Foswiki/Plugins/NatSkinPlugin/WebLogo.pm b/lib/Foswiki/Plugins/NatSkinPlugin/WebLogo.pm
@@ -1,7 +1,7 @@
 ###############################################################################
 # NatSkinPlugin.pm - Plugin handler for the NatSkin.
 # 
-# Copyright (C) 2003-2010 MichaelDaum http://michaeldaumconsulting.com
+# Copyright (C) 2003-2012 MichaelDaum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -55,6 +55,10 @@ sub render {
   $result =~ s/\$style/renderStyle()/ge;
   $result =~ s/\$alt/renderAlt()/ge;
   $result =~ s/\$name/renderName()/ge;
+  $result =~ s/\$perce?nt/\%/go;
+  $result =~ s/\$nop//go;
+  $result =~ s/\$n/\n/go;
+  $result =~ s/\$dollar/\$/go;
 
   return $result;
 
@@ -137,13 +141,13 @@ sub renderLogo {
   my $name = renderName();
 
   if ($name) {
-    $result = '<span class="natWebLogo">$name</span>';
+    $result = '<span class="natWebLogo natWebLogoName">$name</span>';
   } else {
     my $image = renderSrc();
     if ($image) {
-      $result = '<img class="natWebLogo" src="$src" alt="$alt" border="0" />';
+      $result = '<img class="natWebLogo natWebLogoImage" src="$src" alt="$alt" border="0" />';
     } else {
-      $result = '<span class="natWebLogo">%WIKITOOLNAME%</span>';
+      $result = '<span class="natWebLogo natWebLogoName">%WIKITOOLNAME%</span>';
     }
   }