Changing everything to return objects is a worthy goal, but for now we have
taken enough destructive steps towards it. Therefore, this commit fixes the
problem in a backwards compatible way (by adding one more parameter to the
signatures).
Note that this additional parameter is NOT a timestamp, it is a whole page
object. Which means that we are still moving towards our goal of using page
objects everywhere, this commit is just doing it in a backwards-compatible
way.
sub ParseData is fully backwards compatible. If some module runs it in list
context, then it will get a listified hash like previously. New code should
always run it in scalar context though (everything in our code base
was changed according to that).
sub GetTextRevision is not backwards compatible (don't let the “wantarray” usage
confuse you). Most modules do not touch that subroutine, so we are probably
fine (modules from our git repo that do use it were changed accordingly).
“EncodePage(%$page)” looks wrong. It seems like we should change it to accept
a hash ref.
GetEditForm and GetCommentForm will now call all the subs in
@FormChanges in order to let them change the generated HTML. This is
used by all the modules that used to hook into either of these two
functions.
A typical change from questionasker.pl:

    push(@MyFormChanges, \&QuestionAddTo);

    sub QuestionAddTo {
      my ($form, $type, $upload) = @_;
      if (not $upload
          and not QuestionaskerException(GetId())
          and not $QuestionaskerRememberAnswer && GetParam($QuestionaskerSecretKey, 0)
          and not UserIsEditor()) {
        my $question = QuestionaskerGetQuestion();
        $form =~ s/(.*)<p>(.*?)<label for="username">/$1$question<p>$2<label for="username">/;
      }
      return $form;
    }

This commit also moves from &$foo to $foo->() based on a recommendation
in Modern Perl by Conway.
We already called all the subs on @MyFooters and printed the result,
but this commit moves all the code from PrintFooters into subs and
puts those subs on @MyFooters. This allows us to write modules that
can better control where exactly their output should appear. In this
case the change was required in order to allow the Google +1 module to
coexist with code that maybe prints the comment form for all pages.
For example, knowing that the Google +1 sub is the first one on the
list because of unshift(@MyFooters, \&GooglePlusPrintFooter), we can
now write the following:

    splice(@MyFooters, 1, 0, \&MyCommentsInTheFooter);

    sub MyCommentsInTheFooter {
      my ($id, $rev, $comment) = @_;
      if (not $GooglePlusThisPagePrintedJournal
          and (GetParam('action', 'browse') eq 'browse'
               and $id and $CommentsPrefix
               and $id ne $RCName
               and $id !~ /^$CommentsPrefix(.*)/o)) {
        my $target = $CommentsPrefix . $id;
        my $page = '';
        $page = PageHtml($target) if $IndexHash{$target};
        return $q->div({-class=>'comment'},
                       $q->h2(T('Comments')),
                       $page)
          . GetCommentForm("$CommentsPrefix$id", $rev, $comment);
      }
    }

The Google +1 extension was also fixed to not trigger the EFF's Privacy
Badger. This is OK because we're using a two step button: The user
needs to click a button before we're loading the script from Google.
The recent reorganization of the search code always calls
SearchHighlight, even if the raw parameter is set. This causes a test in
namespace.t to fail.
When the GrepFiltered sub was removed, we didn't check our modules. As
it turns out, tags.pl and mac.pl hooked into this sub to do their job. A
simple no-op Filtered sub was reintroduced for those modules.
Also, all instances of $UseGrep were removed.
The existing code basically used HTML quoted regular expressions on HTML
quoted pages. This meant that you could not search and replace HTML
tags, for example. This commit tries to fix it.
Displaying the cookie is dangerous. If someone finds a way to perform an XSS
attack, then he could steal the cookies just by looking at the page contents.
Please note that otherwise cookie contents are not visible from JavaScript
due to the httponly flag.
This feature was not really useful anyway.
With a wiki having 5934 pages:

    alex@kallobombus:~/alexschroeder.ch$ for f in $(seq 10); do (time perl wiki.pl search=kabelbinder grep=0) 2>&1 1>/dev/null|grep user; done
    user 0m5.816s
    user 0m5.954s
    user 0m5.878s
    user 0m6.100s
    user 0m6.043s
    user 0m5.971s
    user 0m5.900s
    user 0m6.003s
    user 0m6.065s
    user 0m6.098s
    alex@kallobombus:~/alexschroeder.ch$ for f in $(seq 10); do (time perl wiki.pl search=kabelbinder grep=1) 2>&1 1>/dev/null|grep user; done
    user 0m6.126s
    user 0m6.105s
    user 0m6.109s
    user 0m6.167s
    user 0m6.205s
    user 0m5.980s
    user 0m6.107s
    user 0m6.047s
    user 0m6.200s
    user 0m6.133s

Uploaded images had no tooltips in Firefox because there was
no “title” attribute.
This change has a positive impact on creole.pl because
Creole Extension is using GetDownloadLink core subroutine.
If XSS ever comes through, we don't want it to read passwords or do wiki
actions (like editing pages).
Although it does not protect against MitM attacks (all data sent through
HTTP is sent as plaintext, therefore it is easy to get the cookies),
still it gives protection against script-kiddies. Use HTTPS to get
it completely secure.
This is a prerequisite for anti-CSRF Double Submit Cookies.
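
The httponly cookie and the Double Submit Cookies check named in the cookie commits above, as an added example that is not Oddmuse code and not part of any commit. The sub names, the cookie name `csrf`, the constructed Cookie header and the use of /dev/urandom are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);    # core module

my $CookieName = 'csrf';                # hypothetical cookie and form field name

# 128-bit token from the OS CSPRNG (assumes a Unix-like /dev/urandom).
sub NewToken {
  open(my $fh, '<:raw', '/dev/urandom') or die "Cannot open /dev/urandom: $!";
  read($fh, my $bytes, 16) == 16 or die "Short read from /dev/urandom";
  close($fh);
  return unpack('H*', $bytes);
}

# Value for a Set-Cookie header. HttpOnly hides the token from document.cookie;
# Secure is added for HTTPS only, where the cookie is not sent as plaintext.
sub TokenCookie {
  my ($token, $https) = @_;
  my @attrs = ("$CookieName=$token", 'Path=/', 'HttpOnly');
  push(@attrs, 'Secure') if $https;
  return join('; ', @attrs);
}

# Pull our token out of a raw Cookie request header.
sub CookieToken {
  my ($header) = @_;
  foreach my $pair (split(/;\s*/, $header // '')) {
    my ($name, $value) = split(/=/, $pair, 2);
    return $value if defined $value and $name eq $CookieName;
  }
  return;
}

# Double submit check: the hidden form field must repeat the cookie value.
# Comparing HMACs under a throwaway key avoids a timing side channel.
sub TokenMatches {
  my ($cookie, $field) = @_;
  return 0 unless defined $cookie and defined $field and $cookie =~ /^[0-9a-f]{32}\z/;
  my $key = NewToken();
  return hmac_sha256_hex($cookie, $key) eq hmac_sha256_hex($field, $key) ? 1 : 0;
}

my $token = NewToken();
print 'Set-Cookie: ', TokenCookie($token, 1), "\n";
print qq{<input type="hidden" name="$CookieName" value="$token">\n};
my $sent = "Wiki=example; $CookieName=$token";    # constructed Cookie header
print 'own form:    ', TokenMatches(CookieToken($sent), $token), "\n";
print 'forged form: ', TokenMatches(CookieToken($sent), '0' x 32), "\n";
print 'no cookie:   ', TokenMatches(CookieToken('Wiki=example'), $token), "\n";
```
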
Previously it was possible to see "The lock was created 1000 hours ago.
After ten minutes, you could try to unlock the wiki".
While technically that's true, it does not sound nice to humans.
Also, now the button to unlock the wiki is not displayed until 10 minutes
pass. This is probably a good idea to prevent unconscious unlocks.
T('Unlock Wiki') string is reused (the same string is displayed on the
Administration page).
I also added some comments explaining why we need it. When calling
ReportError, we don't know whether HTTP headers have already been
printed. If not, we need to print them or the error message will be an
invalid HTTP response. If we did, we must not reprint them or the HTML
page will contain HTTP headers as part of its response body.
$HeaderIsPrinted makes sure the HTTP headers are printed just once.
The recent changes in commit 62d6dc4b—fixing the summary for last major
revisions—resulted in some changes in the output. These changes seem to
be OK so I removed the tests for the old output.
Basically, the tests created a new page using a minor change. What
should the output be when browsing the page with diff=1? "No diff
available" is correct. There is no need to mention the last major change
because there is none.
The next tests edited the same page using minor changes. What should the
output be when browsing the page with diff=1? "No diff available" is
still correct. There is still no need to mention the last major change
because there is none.
As reported by npostavs: When looking at a URL such as
http://www.emacswiki.org/emacs?action=rss;full=1;diff=1;page=0 and
looking at a minor change, we would see the diff for the last major
change. Instead of showing the summary for that change, however, we'd
see the summary for the last (minor) edit. This commit fixes this issue.
$NewText is replaced by a call to NewText() which you can overwrite. Or
you can provide translations for the texts used by NewText(). Basically,
the new text explains that the page in question does not exist and
invites you to edit it.