From 10b0561acae74f4575cfb22179a307ed77d85bcb Mon Sep 17 00:00:00 2001 From: Jacques Distler Date: Fri, 28 Sep 2007 03:57:52 +0000 Subject: [PATCH] Category lists and WikiReferences restrict to current Web. Fix one sanitization test. --- app/controllers/revision_sweeper.rb | 2 +- app/controllers/wiki_controller.rb | 4 +-- app/models/page_set.rb | 8 ++--- app/models/wiki_reference.rb | 56 +++++++++++++++++------------ test/unit/chunks/nowiki_test.rb | 2 +- 5 files changed, 41 insertions(+), 31 deletions(-) diff --git a/app/controllers/revision_sweeper.rb b/app/controllers/revision_sweeper.rb index 1db2d2c6..ba3d6faa 100644 --- a/app/controllers/revision_sweeper.rb +++ b/app/controllers/revision_sweeper.rb @@ -22,7 +22,7 @@ class RevisionSweeper < ActionController::Caching::Sweeper def expire_caches(page) expire_cached_summary_pages(page.web) - pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.name)).uniq + pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.web, page.name)).uniq pages_to_expire.each { |page_name| expire_cached_page(page.web, page_name) } end diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index b2a58d63..98cfb040 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -348,11 +348,11 @@ class WikiController < ApplicationController end def parse_category - @categories = WikiReference.list_categories.sort + @categories = WikiReference.list_categories(@web).sort @category = params['category'] if @category @set_name = "category '#{@category}'" - pages = WikiReference.pages_in_category(@category).sort.map { |page_name| @web.page(page_name) } + pages = WikiReference.pages_in_category(@web, @category).sort.map { |page_name| @web.page(page_name) } @pages_in_category = PageSet.new(@web, pages) else # no category specified, return all pages of the web diff --git a/app/models/page_set.rb b/app/models/page_set.rb index 4ac08c00..ac2c7caf 100644 
--- a/app/models/page_set.rb +++ b/app/models/page_set.rb @@ -31,17 +31,17 @@ class PageSet < Array end def pages_that_reference(page_name) - all_referring_pages = WikiReference.pages_that_reference(page_name) + all_referring_pages = WikiReference.pages_that_reference(@web, page_name) self.select { |page| all_referring_pages.include?(page.name) } end def pages_that_link_to(page_name) - all_linking_pages = WikiReference.pages_that_link_to(page_name) + all_linking_pages = WikiReference.pages_that_link_to(@web, page_name) self.select { |page| all_linking_pages.include?(page.name) } end def pages_that_include(page_name) - all_including_pages = WikiReference.pages_that_include(page_name) + all_including_pages = WikiReference.pages_that_include(@web, page_name) self.select { |page| all_including_pages.include?(page.name) } end @@ -85,7 +85,7 @@ class PageSet < Array def wiki_words self.inject([]) { |wiki_words, page| - wiki_words + page.wiki_words + wiki_words + page.wiki_words }.flatten.uniq.sort end diff --git a/app/models/wiki_reference.rb b/app/models/wiki_reference.rb index c326e8ad..9bcb7557 100644 --- a/app/models/wiki_reference.rb +++ b/app/models/wiki_reference.rb 
@@ -11,43 +11,53 @@ class WikiReference < ActiveRecord::Base belongs_to :page validates_inclusion_of :link_type, :in => [LINKED_PAGE, WANTED_PAGE, INCLUDED_PAGE, CATEGORY, AUTHOR, FILE, WANTED_FILE] - # FIXME all finders below MUST restrict their results to pages belonging to a particular web - def self.link_type(web, page_name) web.has_page?(page_name) ? LINKED_PAGE : WANTED_PAGE end - def self.pages_that_reference(page_name) - query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + - 'WHERE wiki_references.referenced_name = ?' + - "AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}')" + def self.pages_that_reference(web, page_name) + query = 'SELECT name FROM pages JOIN wiki_references ' + + 'ON pages.id = wiki_references.page_id ' + + 'WHERE wiki_references.referenced_name = ? ' + + "AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}') " + + "AND pages.web_id = '#{web.id}'" names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } end - def self.pages_that_link_to(page_name) - query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + - 'WHERE wiki_references.referenced_name = ? ' + - "AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}')" + def self.pages_that_link_to(web, page_name) + query = 'SELECT name FROM pages JOIN wiki_references ' + + 'ON pages.id = wiki_references.page_id ' + + 'WHERE wiki_references.referenced_name = ? ' + + "AND wiki_references.link_type in ('#{LINKED_PAGE}','#{WANTED_PAGE}') " + + "AND pages.web_id = '#{web.id}'" + names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } + end + + def self.pages_that_include(web, page_name) + query = 'SELECT name FROM pages JOIN wiki_references ' + + 'ON pages.id = wiki_references.page_id ' + + 'WHERE wiki_references.referenced_name = ? 
' + + "AND wiki_references.link_type = '#{INCLUDED_PAGE}' " + + "AND pages.web_id = '#{web.id}'" names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } end - def self.pages_that_include(page_name) - query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + - 'WHERE wiki_references.referenced_name = ? ' + - "AND wiki_references.link_type = '#{INCLUDED_PAGE}'" - names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } - end - - def self.pages_in_category(category) + def self.pages_in_category(web, category) query = - 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + - 'WHERE wiki_references.referenced_name = ? ' + - "AND wiki_references.link_type = '#{CATEGORY}'" + "SELECT name FROM pages JOIN wiki_references " + + "ON pages.id = wiki_references.page_id " + + "WHERE wiki_references.referenced_name = ? " + + "AND wiki_references.link_type = '#{CATEGORY}' " + + "AND pages.web_id = '#{web.id}'" names = connection.select_all(sanitize_sql([query, category])).map { |row| row['name'] } end - def self.list_categories - query = "SELECT DISTINCT referenced_name FROM wiki_references WHERE link_type = '#{CATEGORY}'" + def self.list_categories(web) + query = "SELECT DISTINCT wiki_references.referenced_name " + + "FROM wiki_references LEFT OUTER JOIN pages " + + "ON wiki_references.page_id = pages.id " + + "WHERE wiki_references.link_type = '#{CATEGORY}' " + + "AND pages.web_id = '#{web.id}'" connection.select_all(query).map { |row| row['referenced_name'] } end diff --git a/test/unit/chunks/nowiki_test.rb b/test/unit/chunks/nowiki_test.rb index fdbced54..1eaa602c 100755 --- a/test/unit/chunks/nowiki_test.rb +++ b/test/unit/chunks/nowiki_test.rb 
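Review bot: The new web restriction is spliced into every finder as `"AND pages.web_id = '#{web.id}'"`, while `page_name` in the same statement goes through a `?` placeholder, so the filter this commit exists to enforce is the one value not bound by `sanitize_sql`. `web.id` is presumably an integer primary key, so this is unlikely to be injectable as written, but binding it keeps the scoping sound if a caller ever passes something other than a loaded Web record: `'AND pages.web_id = ?'` with `sanitize_sql([query, page_name, web.id])`. The same applies to `list_categories`, which hands an interpolated string straight to `select_all`. Also in `list_categories`, the `LEFT OUTER JOIN pages` is filtered on `pages.web_id` in the WHERE clause, which discards the NULL-extended rows, so a plain `JOIN` would state the intent more accurately. No test in this patch asserts that a reference or category from a second web is excluded, which is worth pinning because a regression here would expose page and category names across webs.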
@@ -14,7 +14,7 @@ class NoWikiTest < Test::Unit::TestCase def test_sanitized_nowiki match(NoWiki, 'This sentence contains a b . Do not touch!', - :plain_text => 'a b <script>alert("XSS!");</script>' + :plain_text => 'a b <script>alert("XSS!");</script>' ) end