Item12481: improved security settings for rest handlers

also:
- added typography fixes
- added dependency on CopyContrib replacing limited core mechanisms to copy (parts of) topics
- added support for GenPDFOfficePluggin (generate pdfs using openoffice/libreoffice)




git-svn-id: http://svn.foswiki.org/trunk/NatSkinPlugin@17757 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

lib/Foswiki/Plugins/NatSkinPlugin.pm

@@ -26,12 +26,20 @@ use Foswiki::Plugins::NatSkinPlugin::ThemeEngine ();
 use Foswiki::Plugins::NatSkinPlugin::Utils ();
 use Foswiki::Plugins::NatSkinPlugin::WebComponent ();
 
+our $START = '(?:^|(?<=[\w\b\s]))';
+our $STOP = '(?:$|(?=[\w\b\s\,\.\;\:\!\?\)\(]))';
+
+BEGIN {
+  #print STDERR "Perl Version $]\n";
+}
+
+
 ###############################################################################
 our $baseWeb;
 our $baseTopic;
 
-our $VERSION = '3.99_009';
-our $RELEASE = '3.99_009';
+our $VERSION = '3.99_010';
+our $RELEASE = '3.99_010';
 our $NO_PREFS_IN_TOPIC = 1;
 our $SHORTDESCRIPTION = 'Support plugin for <nop>NatSkin';
 our $themeEngine;
@@ -138,15 +146,19 @@ sub initPlugin {
       require Foswiki::Plugins::NatSkinPlugin::Subscribe;
       return Foswiki::Plugins::NatSkinPlugin::Subscribe::restSubscribe(@_);
     },
-    authenticate => 1
+    authenticate => 1,
+    validate => 0,
+    http_allow => 'POST',
   );
   Foswiki::Func::registerRESTHandler(
     'unsubscribe',
     sub {
       require Foswiki::Plugins::NatSkinPlugin::Subscribe;
       return Foswiki::Plugins::NatSkinPlugin::Subscribe::restSubscribe(@_);
     },
-    authenticate => 1
+    authenticate => 1,
+    validate => 0,
+    http_allow => 'POST',
   );
 
   Foswiki::Func::registerTagHandler(
@@ -163,8 +175,6 @@ sub initPlugin {
   Foswiki::Plugins::NatSkinPlugin::Utils::init();
   Foswiki::Plugins::NatSkinPlugin::WebComponent::init();
 
-  #print STDERR "Perl Version $]\n";
-
   return 1;
 }
 
@@ -178,14 +188,26 @@ sub getThemeEngine {
 }
 
 ###############################################################################
-sub postRenderingHandler {
+sub endRenderingHandler {
 
-  # detect external links
-  return unless $Foswiki::cfg{NatSkin}{DetectExternalLinks};
+  if ($Foswiki::cfg{NatSkin}{DetectExternalLinks}) {
+    require Foswiki::Plugins::NatSkinPlugin::ExternalLink;
+    $_[0] =~ s/<a\s+([^>]*?href=(?:\"|\'|&quot;)?)([^\"\'\s>]+(?:\"|\'|\s|&quot;>)?)/'<a '.Foswiki::Plugins::NatSkinPlugin::ExternalLink::render($1,$2)/geoi;
+  }
 
-  require Foswiki::Plugins::NatSkinPlugin::ExternalLink;
+  if ($Foswiki::cfg{NatSkin}{FixTypograpghy}) {
+    $_[0] =~ s((?<=[^\w\-])\-\-\-(?=[^\w\-\+]))(&#8212;)go;         # emdash
+    $_[0] =~ s/$START``$STOP/&#8220/go;
+    $_[0] =~ s/$START''$STOP/&#8221/go;
+    $_[0] =~ s/$START,,$STOP/&#8222/go;
+    $_[0] =~ s/$START\(c\)$STOP/&#169/go;
+    $_[0] =~ s/$START\(r\)$STOP/&#174/go;
+    $_[0] =~ s/$START\(tm\)$STOP/&#8482/go;
+    $_[0] =~ s/$START\.\.\.$STOP/&#8230/go;
+    $_[0] =~ s/\-&gt;/&#8594;/go;
+    $_[0] =~ s/&lt;\-/&#8592;/go;
+  }
 
-  $_[0] =~ s/<a\s+([^>]*?href=(?:\"|\'|&quot;)?)([^\"\'\s>]+(?:\"|\'|\s|&quot;>)?)/'<a '.Foswiki::Plugins::NatSkinPlugin::ExternalLink::render($1,$2)/geoi;
 }
 
 ###############################################################################

lib/Foswiki/Plugins/NatSkinPlugin/Config.spec

@@ -40,6 +40,11 @@ $Foswiki::cfg{NatSkin}{NoSideBarActions} = 'edit, manage, login, logon, oops, re
 # link is driving him off the site. This is a prerequisite to open external links in an extra borwser window/tab.
 $Foswiki::cfg{NatSkin}{DetectExternalLinks} = 0;
 
+# **BOOLEAN**
+# Enable this switch to perform some basic typographic fixes to the output text: support proper quotes, arrows and 
+# ellipsis.
+$Foswiki::cfg{NatSkin}{FixTypograpghy} = 0;
+
 # ---+++ Internet Explorer
 # **STRING**
 # Add an X-UA-Compatible entry to the HTTP headers. Use "ie=edge" to force any IE into the best mode supported. Add "chrome=1"

lib/Foswiki/Plugins/NatSkinPlugin/DEPENDENCIES

@@ -1,4 +1,6 @@
+Foswiki::Contrib::CopyContrib,>=1.0,perl,Required.
 Foswiki::Contrib::FamFamFamContrib,>=2075,perl,Required.
+Foswiki::Contrib::NatSkin,>=3.99_004,perl,Required
 Foswiki::Plugins::AutoTemplatePlugin,>=2.01,perl,Required
 Foswiki::Plugins::BreadCrumbsPlugin,>=4318,perl,Required
 Foswiki::Plugins::CaptchaPlugin,>=2.0.0,perl,Optional
@@ -7,11 +9,11 @@ Foswiki::Plugins::FilterPlugin,>=3491,perl,Required
 Foswiki::Plugins::FlexWebListPlugin,>=3493,perl,Required
 Foswiki::Plugins::ImagePlugin,>=2.40,perl,Required
 Foswiki::Plugins::ImagePlugin,>=6307,perl,Required
-Foswiki::Plugins::JQueryPlugin,>=4.91,perl,Required
+Foswiki::Plugins::JQueryPlugin,>=5.00,perl,Required
 Foswiki::Plugins::MimeIconPlugin,>=1,perl,Required
 Foswiki::Plugins::NatEditPlugin,>=1993,perl,Required
-Foswiki::Plugins::RenderPlugin,>=3644,perl,Required
 Foswiki::Plugins::PageOptimizerPlugin,>=0.10,perl,Optional
+Foswiki::Plugins::RenderPlugin,>=3644,perl,Required
 Foswiki::Plugins::TopicInteractionPlugin,>=1340,perl,Required
 Foswiki::Plugins::WebLinkPlugin,>=1,perl,Required
 ONLYIF ( $Foswiki::Plugins::VERSION < 2.1)

lib/Foswiki/Plugins/NatSkinPlugin/UserActions.pm

@@ -58,6 +58,7 @@ sub render {
 
   if ( $context->{GenPDFPrincePluginEnabled}
     || $context->{GenPDFWebkitPluginEnabled}
+    || $context->{GenPDFOfficePluginEnabled}
     || $context->{PdfPluginEnabled})
   {
     # SMELL: how do we detect GenPDFAddOn...see also getPdfUrl
@@ -355,7 +356,9 @@ sub getPdfUrl {
 
   my $url;
   my $context = Foswiki::Func::getContext();
-  if ($context->{GenPDFPrincePluginEnabled} || $context->{GenPDFWebkitPluginEnabled}) {
+  if ($context->{GenPDFPrincePluginEnabled} || 
+      $context->{GenPDFOfficePluginEnabled} ||
+      $context->{GenPDFWebkitPluginEnabled}) {
     $url = Foswiki::Plugins::NatSkinPlugin::Utils::getScriptUrlPath(
       'view',
       undef, undef,