# See bottom of file for license and copyright information
=begin TML
---+ package Foswiki::UI::Oops
UI delegate for oops function
=cut
package Foswiki::UI::Oops;
use v5.14;
use Assert;
use Foswiki ();
use Foswiki::Class;
extends qw(Foswiki::UI);
=begin TML
---++ StaticMethod oops_cgi($session)
=oops= command handler.
This method is designed to be invoked via the =UI::run= method.
CGI parameters:
| =template= | name of template to use |
| =paramN= | Parameter for expansion of template |
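%PARAMn% tags will be expanded in the template using the 'paramN'
values in the query. Each value is entity-encoded before it is
substituted, and any %PARAMn% tag with no matching value is removed.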
=cut
sub oops_cgi {
    my ($this) = @_;

    # Web and topic are taken from the current request. The trailing 0 is a
    # false $keep, so oops() reads template, def and paramN from the query
    # rather than from a caller-supplied hash.
    my $request = $this->app->request;
    return $this->oops( $request->web, $request->topic, 0 );
}
=begin TML
---++ StaticMethod oops($web, $topic, $keep)
The body of an oops script call, abstracted out so it can be called for
the case where an oops is required, but all the parameters in the query
must be saved for passing on to another URL invoked from a form in
the template. If $keep is true, it must be a reference to a hash
(usually an OopsException) that defines the parameters to the
script (template, def etc); =oops_cgi= passes 0 to mean "no hash". In
this case, all the parameters in
the =$req= are added as hiddens into the expanded template.
=cut
sub oops {
    my ( $this, $web, $topic, $keep ) = @_;

    my $app       = $this->app;
    my $request   = $app->request;
    my $templates = $app->templates;

    # Foswikitask:Item885: web and topic are required to have values.
    # A web name that is still empty after falling back to the request may
    # have contained illegal characters, so it ends up as the empty string.
    $web = $web || $request->web || '';
    $topic = $request->topic unless $topic;

    my ( $tmplName, $def, @params );

    if ($keep) {

        # The caller's hash (usually an OopsException) supplies the oops
        # parameters; nothing is read from the query in this branch.
        ( $tmplName, $def ) = @{$keep}{qw(template def)};

        my $supplied = $keep->{params};
        if ( ref($supplied) eq 'ARRAY' ) {
            @params = @{$supplied};
        }
        elsif ( defined $supplied ) {
            @params = ($supplied);
        }
    }
    else {

        # Everything in this branch is request-controlled input.
        # NOTE(review): 'def' does not get the character filter that is
        # applied to the template name below before it reaches
        # expandTemplate - confirm expandTemplate copes with arbitrary names.
        $tmplName = $request->param('template');
        $def      = $request->param('def');

        # Collect param1, param2, ... and stop at the first missing index.
        # The stripping of internal render tokens is disabled here, so the
        # values are stored unmodified; they are entity-encoded further
        # down, just before substitution.
        #$param =~ s/[\x00-\x03]//g;
        for ( my $index = 1 ; ; $index++ ) {
            my $value = $request->param( 'param' . $index );
            last unless defined $value;
            push @params, $value;
        }
    }

    $tmplName ||= 'oops';

    # Item5324: Filter to block XSS. Every character matched by the
    # invalid-character regex is dropped from the template name, whichever
    # branch it came from.
    $tmplName =~ s/$Foswiki::regex{webTopicInvalidCharRegex}//g;

    # Do not pass on the template parameter, otherwise continuation won't
    # work.
    $request->delete('template');

    my $tmplData = $templates->readTemplate( $tmplName, no_oops => 1 );

    if ( defined $tmplData ) {

        # If a def is specified, instantiate it into the template (first
        # %INSTANTIATE% only).
        if ( defined $def ) {
            my $expansion = $templates->expandTemplate($def);
            $tmplData =~ s/%INSTANTIATE%/$expansion/;
        }

        # Warning: do NOT attempt to instantiate a topic object with
        # a null or bogus web name! Fall back to the system web instead.
        my $topicObject = $this->create(
            'Foswiki::Meta',
            web   => $web || $app->cfg->data->{SystemWebName},
            topic => $topic
        );
        $tmplData = $topicObject->expandMacros($tmplData);

        # Entity-encode each value before it replaces %PARAMn%, to block
        # any potential HTML payload.
        # NOTE(review): the substituted text goes through expandMacros
        # again below, so this relies on entityEncode also neutralising
        # macro syntax in the values - confirm.
        my $slot = 0;
        for my $raw (@params) {
            $slot++;
            my $encoded = Foswiki::entityEncode($raw);
            $tmplData =~ s/%PARAM$slot%/$encoded/g;
        }

        # Suppress missing params
        $tmplData =~ s/%PARAM\d+%//g;

        $tmplData = $topicObject->expandMacros($tmplData);
        $tmplData = $topicObject->renderTML($tmplData);
    }
    else {

        # Can't throw an OopsException here, because we'd just recurse.
        # Build an error page from scratch. $tmplName has already been
        # through the Item5324 filter above when it is echoed here.
        my $message = <<MESSAGE;
Template "$tmplName" not found.
<p />
Check the configuration settings for {TemplateDir} and {TemplatePath}.
MESSAGE
        $tmplData =
            CGI::start_html()
          . CGI::h1( {}, 'Foswiki Installation Error' )
          . $message
          . CGI::end_html();
    }

    return $app->writeCompletePage($tmplData);
}
1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Copyright (C) 2008-2016 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
Additional copyrights apply to some or all of the code in this
file as follows:
Copyright (C) 1999-2007 Peter Thoeny, peter@thoeny.org
and TWiki Contributors. All Rights Reserved. TWiki Contributors
are listed in the AUTHORS file in the root of this distribution.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version. For
more details read LICENSE in the root of this distribution.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
As per the GPL, removal of this notice is prohibited.