dépôts
/
ikiwiki
/
poll.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d5fce9d
)
Correction : expression rationnelle.
author
Julien Moutinho
<julm+ikiwiki+poll@autogeree.net>
Fri, 14 Mar 2014 04:01:27 +0000
(
05:01
+0100)
committer
Julien Moutinho
<julm+ikiwiki+poll@autogeree.net>
Fri, 14 Mar 2014 04:07:28 +0000
(
05:07
+0100)
poll.pm
patch
|
blob
|
history
diff --git
a/poll.pm
b/poll.pm
index
612b49d
..
b79fd0e
100644
(file)
--- a/
poll.pm
+++ b/
poll.pm
@@
-22,6
+22,22
@@
sub getsetup () {
, section => "widget"
};
}
, section => "widget"
};
}
+my $params_re
+ = qr{
+ (?>
+ (?>(?:[^\[\]]|\[[^\[]|\][^\]])+)
+ |
+ (?'loop'
+ \[\[
+ (?>
+ (?>(?:[^\[\]]|\[[^\[]|\][^\]])+)
+ |
+ (?&loop)
+ )*
+ \]\]
+ )
+ )*
+ }x;
sub scan (@) {
my %params = @_;
my $page = $params{page};
sub scan (@) {
my %params = @_;
my $page = $params{page};
@@
-30,7
+46,7
@@
sub scan (@) {
my $type = IkiWiki::pagetype($pagesources{$page});
if (defined $type and $type eq "mdwn") {
my %polls = ();
my $type = IkiWiki::pagetype($pagesources{$page});
if (defined $type and $type eq "mdwn") {
my %polls = ();
- while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+(
.+?
)\s*\]\]}gs) {
+ while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+(
$params_re
)\s*\]\]}gs) {
my ($escape, $poll, $directive) = ($1, $3, $4);
next if $escape;
$poll = '' unless defined $poll;
my ($escape, $poll, $directive) = ($1, $3, $4);
next if $escape;
$poll = '' unless defined $poll;
@@
-119,10
+135,11
@@
sub preprocess (@) {
if $choices{$choice}{unknown_votes};
}
if ($open && exists $config{cgiurl}) {
if $choices{$choice}{unknown_votes};
}
if ($open && exists $config{cgiurl}) {
+ my $choice_escaped = URI::Escape::uri_escape_utf8($choice, '^A-Za-z0-9\ \-\._~/');
$ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
$ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
$ret.="<input type=\"hidden\" name=\"page\" value=\"$uri_page\" />\n";
$ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
$ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
$ret.="<input type=\"hidden\" name=\"page\" value=\"$uri_page\" />\n";
- $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
+ $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice
_escaped
\" />\n";
$ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
}
$ret.="<span class='description'>$choice</span>";
$ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
}
$ret.="<span class='description'>$choice</span>";
@@
-156,7
+173,8
@@
sub sessioncgi ($$) {
my $cgi=shift;
my $session=shift;
if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
my $cgi=shift;
my $session=shift;
if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
- my $choice=decode_utf8($cgi->param('choice'));
+ my $choice = Encode::decode_utf8(URI::Escape::uri_unescape(IkiWiki::possibly_foolish_untaint($cgi->param('choice'))));
+
if (! defined $choice || not length $choice) {
error("no choice specified");
}
if (! defined $choice || not length $choice) {
error("no choice specified");
}
@@
-239,7
+257,25
@@
sub sessioncgi ($$) {
return "$params";
};
my $id='';
return "$params";
};
my $id='';
- $content =~ s{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?(\s+)(.+?)(\s*)\]\]}{$id=$3;$1.'[['.$prefix.$2.$4.$edit->($1, $5).$6.']]'}gse;
+ $content =~
+ s{
+ (?<escape>\\?)
+ \[\[\Q$prefix\E
+ (?:\s+id="(?<id>[^"]*)")?
+ (?<space_begin>\s+)
+ (?<params>$params_re)
+ (?<space_end>\s*)
+ \]\]
+ }
+ {$id=$+{id};
+ $+{escape}
+ .'[['.$prefix
+ .($+{id} eq ''?'':'id="'.$+{id}.'"')
+ .$+{space_begin}
+ .$edit->($+{escape}, $+{params})
+ .$+{space_end}
+ .']]'
+ }egsx;
# Store their vote, update the page, and redirect to it.
writefile($pagesources{$page}, $config{srcdir}, $content);
# Store their vote, update the page, and redirect to it.
writefile($pagesources{$page}, $config{srcdir}, $content);