Permalink
Browse files

Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki

  • Loading branch information...
distler committed Jun 24, 2018
2 parents 29a7519 + caad014 commit e19cd66cb2ff6aae23ad1b4cb5a0da258e024a3f
@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
# For injecting a different wiki model implementation. Intended for use in tests
def self.wiki=(the_wiki)
# a global variable is used here because Rails reloads controller and model classes in the
# a global variable is used here because Rails reloads controller and model classes in the
# development environment; therefore, storing it as a class variable does not work
# class variable is, anyway, not much different from a global variable
#$instiki_wiki_service = the_wiki
@@ -39,15 +39,15 @@ def html_ext
'xhtml'
else
'html'
end
end
end
def darken(s)
n=s.length/3
s.scan( %r(\w{#{n},#{n}}) ).collect {|a| (a.hex * 2/3).to_s(16).rjust(n,'0')}.join
end
def check_authorization
def check_authorization
redirect_to(:controller => 'wiki', :action => 'login',
:web => @web_name) if in_a_web? and authorization_needed? and not authorized?
end
@@ -65,10 +65,10 @@ def connect_to_model
end
FILE_TYPES = {
'.aif' => 'audio/x-aiff',
'.aiff'=> 'audio/x-aiff',
'.avi' => 'video/x-msvideo',
'.cdf' => 'application/vnd.wolfram.cdf.text',
'.aif' => 'audio/x-aiff',
'.aiff'=> 'audio/x-aiff',
'.avi' => 'video/x-msvideo',
'.cdf' => 'application/vnd.wolfram.cdf.text',
'.exe' => 'application/octet-stream',
'.gif' => 'image/gif',
'.jpg' => 'image/jpeg',
@@ -113,7 +113,7 @@ def connect_to_model
'text/plain' => 'inline',
'application/zip' => 'attachment'
} unless defined? DISPOSITION
def determine_file_options_for(file_name, original_options = {})
original_options[:type] ||= (FILE_TYPES[File.extname(file_name)] or 'application/octet-stream')
original_options[:disposition] ||= (DISPOSITION[original_options[:type]] or 'attachment')
@@ -122,7 +122,7 @@ def determine_file_options_for(file_name, original_options = {})
( request.remote_addr == LOCALHOST || defined?(PhusionPassenger) )
original_options
end
def send_file(file, options = {})
determine_file_options_for(file, options)
super(file, options)
@@ -140,7 +140,7 @@ def password_check(password)
def password_error(password)
if password.nil? or password.empty?
'Please enter the password.'
else
else
'You entered a wrong password. Please enter the right one.'
end
end
@@ -154,7 +154,7 @@ def redirect_home(web = @web_name)
end
def redirect_to_page(page_name = @page_name, web = @web_name)
redirect_to :web => web, :controller => 'wiki', :action => 'show',
redirect_to :web => web, :controller => 'wiki', :action => 'show',
:id => (page_name or 'HomePage')
end
@@ -205,9 +205,9 @@ def set_content_type_header
response.content_type = Mime::TEXT
elsif xhtml_enabled?
if request.user_agent =~ /Validator/ or request.env.include?('HTTP_ACCEPT') &&
Mime::Type.parse(request.env["HTTP_ACCEPT"]).include?(Mime::XHTML)
Mime::Type.parse(request.env["HTTP_ACCEPT"]).include?(Mime::XHTML)
response.content_type = Mime::XHTML
elsif request.user_agent =~ /MathPlayer/
elsif request.user_agent =~ /MathPlayer/
response.charset = nil
response.content_type = Mime::XHTML
response.extend(MathPlayerHack)
@@ -244,7 +244,7 @@ def wiki
def in_a_web?
not @web_name.nil?
end
def authorization_needed?
not %w(login authenticate feeds published atom_with_headlines atom_with_content atom_with_changes file blahtex_png).include?(action_name)
end
@@ -255,7 +255,7 @@ def authorized?
cookies.signed[CGI.escape(@web_name)] == @web.password or
password_check(params['password']) or
(@web.published? and action_name == 's5')
rescue ActiveSupport::MessageVerifier::InvalidSignature
flash[:info] = 'Bad cookie. Please reauthenticate.'
cookies.signed[CGI.escape(@web_name)] = ''
@@ -282,7 +282,7 @@ module Mime
# Add XHTML
XHTML = Type.new "application/xhtml+xml", :xhtml
# Fix xhtml and html lookups
LOOKUP["text/html"] = HTML
LOOKUP["application/xhtml+xml"] = XHTML
@@ -298,7 +298,7 @@ module Instiki
module VERSION #:nodoc:
MAJOR = 0
MINOR = 20
TINY = 1
TINY = 1
SUFFIX = '(MML+)'
PRERELEASE = false
if PRERELEASE
@@ -330,7 +330,7 @@ def rollback
def save
render(:status => 404, :text => 'Undefined page name', :layout => 'error') and return if @page_name.nil?
return unless is_post
author_name = params['author'].purify
author_name = params['author'].strip.purify
author_name = 'AnonymousCoward' if author_name =~ /^\s*$/
begin
View
@@ -9,9 +9,9 @@ def initialize(name, ip = nil)
def name=(value)
self.gsub!(/.+/, value)
end
alias_method :name, :to_s
def <=>(other)
name <=> other.to_s
end
@@ -41,7 +41,7 @@ def self.pages_that_link_to(web, page_name)
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_that_link_to_file(web, file_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
@@ -50,7 +50,7 @@ def self.pages_that_link_to_file(web, file_name)
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, file_name])).map { |row| row['name'] }
end
def self.pages_that_include(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
@@ -69,7 +69,7 @@ def self.pages_redirected_to(web, page_name)
redirected_pages.concat Thread.current[:page_redirects][page] if
Thread.current[:page_redirects] && Thread.current[:page_redirects][page]
redirected_pages.uniq.each { |name| names.concat self.pages_that_reference(web, name) }
names.uniq
names.uniq
end
def self.pages_that_redirect_for(web, page_name)
@@ -95,7 +95,7 @@ def self.pages_in_category(web, category)
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, category])).map { |row| row['name'].as_utf8 }
end
def self.list_categories(web)
query = "SELECT DISTINCT wiki_references.referenced_name " +
"FROM wiki_references LEFT OUTER JOIN pages " +
@@ -128,17 +128,16 @@ def wanted_page?
def included_page?
link_type == INCLUDED_PAGE
end
def file?
link_type == FILE
end
def wanted_file?
link_type == WANTED_FILE
end
def category?
link_type == CATEGORY
end
end
@@ -5,12 +5,12 @@
<%= error_messages_for 'delete' %>
<% form_tag({ :controller => 'file', :web => @web_name, :action => 'delete' },
<% form_tag({ :controller => 'file', :web => @web_name, :action => 'delete' },
{'accept-charset' => 'utf-8' }) do %>
<div class="inputFieldWithPrompt">
<%= hidden_field 'file', 'file_name' %>
<label for="system_password">Enter system password</label>
<input type="password" class="disableAutoComplete" id="system_password"
<input type="password" class="disableAutoComplete" id="system_password"
name="system_password" />
<input type="submit" value="Delete" /><br/>
or go <%= link_to "back", :back %> to the page you came from.
@@ -15,17 +15,17 @@
<br />
<input type="file" id="file_content" name="file[content]" size="40" />
<br />
Please note that the file you are uploading will be named <%= h @file_name %> on the wiki -
regardless of how it is named on your computer. To change the wiki name of the file, please go
<%= link_to("back", @referring_page) %> and edit the wiki page that refers to the file.
<p>Please note that the file you are uploading will be named <%= h @file_name %> on the wiki -
regardless of how it is named on your computer. To change the wiki name of the file, please go
<%= link_to("back", @referring_page) %> and edit the wiki page that refers to the file.</p>
</div>
<div class="inputFieldWithPrompt">
<label for="file_description"><b>Description</b>:</label>
<br/>
<%= text_field "file", "description", "size" => 40 %>
</div>
<div>
<input type="submit" value="Upload" /> as
<input type="submit" value="Upload" /> as
<%= text_field_tag :author, @author,
:onfocus => "this.value == 'AnonymousCoward' ? this.value = '' : true;",
:onblur => "this.value == '' ? this.value = 'AnonymousCoward' : true" %>
@@ -779,6 +779,22 @@ def test_save_new_revision_of_existing_page
assert !home_page.locked?(Time.now)
end
def test_save_new_revision_of_existing_page_whitespace_trimmed
@home.lock(Time.now, 'Batman')
current_revisions = @home.revisions.size
r = process 'save', 'web' => 'wiki1', 'id' => 'HomePage', 'content' => 'Revised HomePage',
'author' => ' Batman '
assert_redirected_to :web => 'wiki1', :controller => 'wiki', :action => 'show', :id => 'HomePage'
assert_equal 'Batman', r.cookies['author']
home_page = @wiki.read_page('wiki1', 'HomePage')
assert_equal current_revisions+1, home_page.revisions.size
assert_equal 'Revised HomePage', home_page.content
assert_equal 'Batman', home_page.author
assert !home_page.locked?(Time.now)
end
def test_save_new_revision_of_existing_page_invalid_utf8
@home.lock(Time.now, 'Batman')
current_revisions = @home.revisions.size
@@ -137,6 +137,12 @@ def test_should_handle_astral_plane_characters
check_sanitization(input, output, output, output)
end
def test_comments_in_attributes
input = %(<a href='examp<!--" script=foo>-->le.com'>test</a> bar)
output=%(<a href='examp&lt;!--&quot; script=foo&gt;--&gt;le.com'>test</a> bar)
check_sanitization(input, output, output, output)
end
# This affects only NS4. Is it worth fixing?
# def test_javascript_includes
# input = %(<div size="&{alert('XSS')}">foo</div>)

0 comments on commit e19cd66

Please sign in to comment.