Category lists and WikiReferences restrict to current Web.

Fix one sanitization test.
Jacques Distler 2007-09-28 03:57:52 +00:00
parent 2cd2b2746e
commit 10b0561aca
5 changed files with 41 additions and 31 deletions


@ -22,7 +22,7 @@ class RevisionSweeper < ActionController::Caching::Sweeper
def expire_caches(page) def expire_caches(page)
expire_cached_summary_pages(page.web) expire_cached_summary_pages(page.web)
pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.name)).uniq pages_to_expire = ([page.name] + WikiReference.pages_that_reference(page.web, page.name)).uniq
pages_to_expire.each { |page_name| expire_cached_page(page.web, page_name) } pages_to_expire.each { |page_name| expire_cached_page(page.web, page_name) }
end end


@ -348,11 +348,11 @@ class WikiController < ApplicationController
end end
def parse_category def parse_category
@categories = WikiReference.list_categories.sort @categories = WikiReference.list_categories(@web).sort
@category = params['category'] @category = params['category']
if @category if @category
@set_name = "category '#{@category}'" @set_name = "category '#{@category}'"
pages = WikiReference.pages_in_category(@category).sort.map { |page_name| @web.page(page_name) } pages = WikiReference.pages_in_category(@web, @category).sort.map { |page_name| @web.page(page_name) }
@pages_in_category = PageSet.new(@web, pages) @pages_in_category = PageSet.new(@web, pages)
else else
# no category specified, return all pages of the web # no category specified, return all pages of the web
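Review bot: `params['category']` reaches the database only through the `?` placeholder in `WikiReference.pages_in_category`, which is fine, but the same untrusted value is also interpolated raw into `@set_name = "category '#{@category}'"` and handed to the view, so whether it is escaped on output depends on the template, which is not visible here — worth confirming the view uses `h(@set_name)` or equivalent. A one-line comment at that assignment, `# @category is user input: the view must HTML-escape @set_name`, would record the contract. The restriction to `@web` also means `pages_in_category` can no longer return names from another web, so the `@web.page(page_name)` map should not yield nils any more; if that was the earlier failure mode, a short note saying so would help. `parse_category` continues past the end of this hunk.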


@ -31,17 +31,17 @@ class PageSet < Array
end end
def pages_that_reference(page_name) def pages_that_reference(page_name)
all_referring_pages = WikiReference.pages_that_reference(page_name) all_referring_pages = WikiReference.pages_that_reference(@web, page_name)
self.select { |page| all_referring_pages.include?(page.name) } self.select { |page| all_referring_pages.include?(page.name) }
end end
def pages_that_link_to(page_name) def pages_that_link_to(page_name)
all_linking_pages = WikiReference.pages_that_link_to(page_name) all_linking_pages = WikiReference.pages_that_link_to(@web, page_name)
self.select { |page| all_linking_pages.include?(page.name) } self.select { |page| all_linking_pages.include?(page.name) }
end end
def pages_that_include(page_name) def pages_that_include(page_name)
all_including_pages = WikiReference.pages_that_include(page_name) all_including_pages = WikiReference.pages_that_include(@web, page_name)
self.select { |page| all_including_pages.include?(page.name) } self.select { |page| all_including_pages.include?(page.name) }
end end
@ -85,7 +85,7 @@ class PageSet < Array
def wiki_words def wiki_words
self.inject([]) { |wiki_words, page| self.inject([]) { |wiki_words, page|
wiki_words + page.wiki_words wiki_words + page.wiki_words
}.flatten.uniq.sort }.flatten.uniq.sort
end end


@ -11,43 +11,53 @@ class WikiReference < ActiveRecord::Base
belongs_to :page belongs_to :page
validates_inclusion_of :link_type, :in => [LINKED_PAGE, WANTED_PAGE, INCLUDED_PAGE, CATEGORY, AUTHOR, FILE, WANTED_FILE] validates_inclusion_of :link_type, :in => [LINKED_PAGE, WANTED_PAGE, INCLUDED_PAGE, CATEGORY, AUTHOR, FILE, WANTED_FILE]
# FIXME all finders below MUST restrict their results to pages belonging to a particular web
def self.link_type(web, page_name) def self.link_type(web, page_name)
web.has_page?(page_name) ? LINKED_PAGE : WANTED_PAGE web.has_page?(page_name) ? LINKED_PAGE : WANTED_PAGE
end end
def self.pages_that_reference(page_name) def self.pages_that_reference(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + query = 'SELECT name FROM pages JOIN wiki_references ' +
'WHERE wiki_references.referenced_name = ?' + 'ON pages.id = wiki_references.page_id ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}')" 'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}', '#{INCLUDED_PAGE}') " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end end
def self.pages_that_link_to(page_name) def self.pages_that_link_to(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + query = 'SELECT name FROM pages JOIN wiki_references ' +
'WHERE wiki_references.referenced_name = ? ' + 'ON pages.id = wiki_references.page_id ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}', '#{WANTED_PAGE}')" 'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type in ('#{LINKED_PAGE}','#{WANTED_PAGE}') " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_that_include(web, page_name)
query = 'SELECT name FROM pages JOIN wiki_references ' +
'ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type = '#{INCLUDED_PAGE}' " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] } names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end end
def self.pages_that_include(page_name) def self.pages_in_category(web, category)
query = 'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' +
'WHERE wiki_references.referenced_name = ? ' +
"AND wiki_references.link_type = '#{INCLUDED_PAGE}'"
names = connection.select_all(sanitize_sql([query, page_name])).map { |row| row['name'] }
end
def self.pages_in_category(category)
query = query =
'SELECT name FROM pages JOIN wiki_references ON pages.id = wiki_references.page_id ' + "SELECT name FROM pages JOIN wiki_references " +
'WHERE wiki_references.referenced_name = ? ' + "ON pages.id = wiki_references.page_id " +
"AND wiki_references.link_type = '#{CATEGORY}'" "WHERE wiki_references.referenced_name = ? " +
"AND wiki_references.link_type = '#{CATEGORY}' " +
"AND pages.web_id = '#{web.id}'"
names = connection.select_all(sanitize_sql([query, category])).map { |row| row['name'] } names = connection.select_all(sanitize_sql([query, category])).map { |row| row['name'] }
end end
def self.list_categories def self.list_categories(web)
query = "SELECT DISTINCT referenced_name FROM wiki_references WHERE link_type = '#{CATEGORY}'" query = "SELECT DISTINCT wiki_references.referenced_name " +
"FROM wiki_references LEFT OUTER JOIN pages " +
"ON wiki_references.page_id = pages.id " +
"WHERE wiki_references.link_type = '#{CATEGORY}' " +
"AND pages.web_id = '#{web.id}'"
connection.select_all(query).map { |row| row['referenced_name'] } connection.select_all(query).map { |row| row['referenced_name'] }
end end


@ -14,7 +14,7 @@ class NoWikiTest < Test::Unit::TestCase
def test_sanitized_nowiki def test_sanitized_nowiki
match(NoWiki, 'This sentence contains <nowiki><span>a b</span> <script>alert("XSS!");</script></nowiki>. Do not touch!', match(NoWiki, 'This sentence contains <nowiki><span>a b</span> <script>alert("XSS!");</script></nowiki>. Do not touch!',
:plain_text => '<span>a b</span> &lt;script&gt;alert("XSS!");&lt;/script&gt;' :plain_text => '<span>a b</span> &lt;script>alert("XSS!");&lt;/script>'
) )
end end
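Review bot: The updated expectation `'<span>a b</span> &lt;script>alert("XSS!");&lt;/script>'` now pins that `<` is entity-escaped but a bare `>` is left in place, and nothing in the test says why, so the next reader may "fix" it back to `&gt;`; a comment such as `# the sanitizer escapes only '<' and '&' in text; a bare '>' cannot open a tag` above the `match` call would prevent that (the exact set of escaped characters should be confirmed against the sanitizer, which is not shown here). It is also worth a second assertion in this test that the `<span>` survives while `<script>` does not, since that whitelist distinction is the security property being tested rather than the entity form.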