Changeset 1221

Timestamp:

12/09/08 18:16:48 (3 years ago)

Author:

CrawfordCurrie

Message:

Item253: remove TWikiDrawPlugin hack; analyse, rationalise and document usage of redirectto; Item5926: added encodings that were proposed to make chinese work (they don't break anything AFAICT). Deprecate Foswiki::Func::getRegularExpression (the regex array is published)

Location:

trunk/core

Files:

• data/System/CommandAndCGIScripts.txt (modified) (1 diff)
• data/System/DevelopingPlugins.txt (modified) (5 diffs)
• lib/Foswiki.pm (modified) (10 diffs)
• lib/Foswiki/Func.pm (modified) (6 diffs)
• lib/Foswiki/LoginManager/ApacheLogin.pm (modified) (1 diff)
• lib/Foswiki/LoginManager/TemplateLogin.pm (modified) (2 diffs)
• lib/Foswiki/OopsException.pm (modified) (2 diffs)
• lib/Foswiki/Render.pm (modified) (1 diff)
• lib/Foswiki/UI/Manage.pm (modified) (3 diffs)
• lib/Foswiki/UI/Register.pm (modified) (1 diff)
• lib/Foswiki/UI/Rest.pm (modified) (8 diffs)
• lib/Foswiki/UI/Save.pm (modified) (6 diffs)
• lib/Foswiki/UI/Upload.pm (modified) (9 diffs)

trunk/core/data/System/CommandAndCGIScripts.txt

@@ -322 +322 @@
 | =createlink= | if defined, will create a link to file at end of topic | |
 | =changeproperties= | if defined, this is a property change operation *only* - no file will be uploaded. | null |
-
-You can use a tool like =curl= to upload files from the command line using this script.
+| =redirectto= | URL to redirect to after upload. ={AllowRedirectUrl}= \
+     must be enabled in =configure=. The parameter value can be a \
+     =TopicName=, a =Web.TopicName=, or a URL. Redirect to a URL only works \
+     if it is enabled in =configure=, and is ignored if =noredirect= is \
+     specified.%BR% __Note:__ Redirect to a URL only works if it is enabled \
+     in =configure= (Miscellaneous ={AllowRedirectUrl}=). |
+| =noredirect= | Normally it will redirect to 'view' when the upload is \
+     complete, but also designed to be useable for REST-style calling using \
+     the 'noredirect' parameter. If this parameter is set it will return an \
+     appropriate HTTP status code and print a message to STDOUT, starting \
+     with 'OK' on success and 'ERROR' on failure. |
+
+__Tips__
+   * You can use a tool like =curl= to upload files from the command line using this script.
+   * You can call upload easily from !XmlHttpRequest in Javascript.
 
 ---+++ =view=

trunk/core/data/System/DevelopingPlugins.txt

@@ -1 +1 @@
 ---+ Developing Plugins
 
-Foswiki has a large number of internal (perl code) interfaces that give access to all the internal functionality. However in general it's a bad idea to use these interfaces to extend Foswiki, because that would result in your code breaking every time the core changes.
+Foswiki has a large number of internal (perl code) interfaces. However in general it's a bad idea to use these interfaces to extend Foswiki, because that would result in your code breaking every time the core changes.
 
 To address this problem Foswiki provides a number of Application Program Interfaces (APIs) that allow you to extend Foswiki in a robust way.
@@ -7 +7 @@
 The usual way Foswiki is extended is by writing a _Plugin_. Plugins extend Foswiki by providing functions that 'listen' to events in the Foswiki core, and handling these events. These functions are called "Plugin Handlers" and they are described in depth in %SYSTEMWEB%.EmptyPlugin and =lib/Foswiki/Plugins/EmptyPlugin.pm=.
 
-To be robust plugins must avoid using any unpublished functionality from the Foswiki core. Functionality that is available to plugins consists of the following perl packages. Click on the name of the packge to see the full documentation.
+To be robust extensions must avoid using any unpublished functionality from the Foswiki core. The following perl packages give access to features for extension authors. These APIs are not just for Plugins, they can be used in any type of extension. Click on the name of the package to see the full documentation.
    * =[[%SCRIPTURL{view}%/%SYSTEMWEB%/PerlDoc?module=Foswiki::Plugins::EmptyPlugin][Foswiki::Plugins::EmptyPlugin]]= - template plugin for you to use as a starting point for your own plugins.
    * =[[%SCRIPTURL{view}%/%SYSTEMWEB%/PerlDoc?module=Foswiki::Func][Foswiki::Func]]= - bridge to core functions. This is the package you will use most.
@@ -19 +19 @@
    * =$Foswiki::Plugins::SESSION= - reference to =Foswiki= singleton object
    * =$Foswiki::cfg= - reference to configuration hash
+   * =$Foswiki::regex - see 'Standard Regular Expressions', below
    * =$Foswiki::sandbox= - reference to the static sandbox object (type =Foswiki::Sandbox=), used for calling external programs.
 %I% Foswiki:Development.GettingStarted  is the starting point for more comprehensive documentation on developing for Foswiki.
 
----+++ Predefined Hooks
-
-Plugins 'listen' to events happening in the core by registering an interest in those events. They do this using 'plugin handlers'. these are simply functions with a particular name that, if they exist in your plugin, will be called by the core.
-
-Foswiki:Development.StepByStepRenderingOrder helps you decide which rendering handler to use. See EmptyPlugin for a full list of the handlers that are defined.
+__Note__ the APIs are available to all extensions, but rely on a
+=Foswiki= singleton object having been created before the APIs can be used.
+This will only be a problem if you are writing an extension that doesn't
+use the standard initialisation sequence.
+
+---+++ Standard Regular Expressions
+A number of standard regular expressions are available for use in extensions, in the =$Foswiki::regex= hash. these regular expressions are precompiled in an
+<nop>I18N-compatible manner. The
+following are guaranteed to be present. Others may exist, but their use
+is unsupported and they may be removed in future Foswiki versions.
+
+In the table below, the expression marked type 'String' are intended for
+use within character classes (i.e. for use within square brackets inside
+a regular expression), for example:
+<verbatim>
+   my $isCapitalizedWord =
+     ( $s =~ /[$Foswiki::regex{upperAlpha}][$Foswiki::regex{mixedAlpha}]+/ );
+</verbatim>
+Those expressions marked type 'RE' are precompiled regular expressions that can be used outside square brackets. For example:
+<verbatim>
+   my $isWebName = ( $s =~ m/$Foswiki::regex{webNameRegex}/ );
+</verbatim>
+
+| *Name*         | *Matches*                        | *Type* |
+| upperAlpha     | Upper case characters            | String |
+| upperAlphaNum  | Upper case characters and digits | String |
+| lowerAlpha     | Lower case characters            | String |
+| lowerAlphaNum  | Lower case characters and digits | String |
+| numeric        | Digits                           | String |
+| mixedAlpha     | Alphabetic characters            | String |
+| mixedAlphaNum  | Alphanumeric characters          | String |
+| wikiWordRegex  | WikiWords                        | RE |
+| webNameRegex   | User web names                   | RE |
+| topicNameRegex | Topic names                      | RE |
+| anchorRegex    | #AnchorNames                     | RE |
+| abbrevRegex    | Abbreviations/Acronyms e.g. GOV, IRS | RE |
+| emailAddrRegex | email@address.com                | RE |
+| tagNameRegex   | Standard macro names e.g. %<nop>THIS_BIT% (THIS_BIT only) | RE |
+
+---+++ Predefined Hooks for Plugins
+
+Plugins 'listen' to events happening in the core by registering an interest in those events. They do this by declaring 'plugin handlers'. These are simply functions with a particular name that, if they exist in your plugin, will be called by the core.
+
+Foswiki:Development.StepByStepRenderingOrder helps you decide which rendering handler to use. See [[EmptyPlugin]] for a full list of the handlers that are defined.
 
 #FastPluginHints
@@ -44 +84 @@
 
    * All plugin packages require a =$VERSION= variable. This should be an integer, or a subversion version id.
-
    * The =initPlugin= handler should check all dependencies and return 1 if the initialization is OK or 0 if something went wrong.
       * The plugin initialization code does not register a plugin that returns 0 (or that has no =initPlugin= handler).
-
    * =$Foswiki::Plugins::VERSION= in the =Foswiki::Plugins= module contains the Foswiki plugin API version, currently *%PLUGINVERSION{}%*.
       * You can also use the =[[VarPLUGINVERSION][%<nop>PLUGINVERSION{}%]]= macro to query the plugin API version or the version of installed plugins.
@@ -53 +91 @@
 ---+++ Security
 
-   * Badly written plugins can open huge security holes in Foswiki. This is especially true if care isn't taken to prevent execution of arbitrary commands on the server.
-   * Don't allow sensitive configuration data to be edited by users. it is better to add sensitive configuration options to the =%Foswiki::cfg= hash than adding it as preferences in the plugin topic.
+   * Badly written plugins can open security holes in Foswiki. This is especially true if care isn't taken to prevent execution of arbitrary commands on the server.
+   * Don't allow sensitive configuration data to be edited by users. Use the =%Foswiki::cfg= hash for configuration options. Don't ask installers to edit topics in the System web.
       * [[#ConfigSpec][Integrating with <code>configure</code>]] describes the steps
       * Foswiki:Extensions.MailInContrib has an example
       * Foswiki:Extensions.BuildContrib can help you with this
-   * Always use the Foswiki::Sandbox to execute commands.
+   * Make sure that all user input is checked and validated. Be especially careful to filter characters that might be used in perl string interpolation.
+   * Avoid =eval=, and if you must use it make sure you sanitise parameters
+   * Always use the Foswiki::sandbox to execute commands. Never use backtick or qx//.
    * Always audit the plugins you install, and make sure you are happy with the level of security provided. While every effort is made to monitor plugin authors activities, at the end of the day they are uncontrolled user contributions.
 

trunk/core/lib/Foswiki.pm

@@ -407 +407 @@
     $regex{anchorRegex}         = qr/\#[$regex{mixedAlphaNum}_]+/o;
     $regex{abbrevRegex}         = qr/[$regex{upperAlpha}]{3,}s?\b/o;
-
+    $regex{topicNameRegex}      =
+      qr/(?:(?:$regex{wikiWordRegex})|(?:$regex{abbrevRegex}))/o;
     # Simplistic email regex, e.g. for WebNotify processing - no i18n
     # characters allowed
@@ -724 +725 @@
 }
 
-=begin TML
-
----++ StaticMethod isRedirectSafe($redirect) => $ok
-
-tests if the $redirect is an external URL, returning false if AllowRedirectUrl is denied
-
-=cut
-
-sub isRedirectSafe {
+# Tests if the $redirect is an external URL, returning false if
+# AllowRedirectUrl is denied
+sub _isRedirectSafe {
     my $redirect = shift;
 
@@ -758 +753 @@
 }
 
-# _getRedirectUrl() => redirectURL set from the parameter
-# Reads a redirect url from CGI parameter 'redirectto'.
-# This function is used to get and test the 'redirectto' cgi parameter,
-# and then the calling function can set its own reporting if there is a
-# problem.
-sub _getRedirectUrl {
-    my $session = shift;
-
-    my $query       = $session->{request};
-    my $redirecturl = $query->param('redirectto');
-    return '' unless $redirecturl;
+=begin TML
+
+---++ ObjectMethod redirectto($url) -> $url
+Gets a redirect url from CGI parameter 'redirectto', if present on the query.
+
+If the redirectto CGI parameter specifies a valid redirection target it is
+returned; otherwise the original URL passed in the parameter is returned.
+
+Conditions for a valid redirection target are:
+   * The target matches the linkProtocolPattern regex, and redirection
+     to the url _isRedirectSafe
+   * The target specified a topic, or a Web.Topic (redirect will be to
+     'view')
+
+=cut
+
+sub redirectto {
+    my ($this, $url) = @_;
+    ASSERT($url);
+
+    my $redirecturl = $this->{request}->param('redirectto');
+    return $url unless $redirecturl;
 
     if ( $redirecturl =~ m#^$regex{linkProtocolPattern}://#o ) {
 
         # assuming URL
-        if ( isRedirectSafe($redirecturl) ) {
+        if ( _isRedirectSafe($redirecturl) ) {
             return $redirecturl;
         }
         else {
-            return '';
+            return $url;
         }
     }
@@ -783 +789 @@
     # assuming 'web.topic' or 'topic'
     my ( $w, $t ) =
-      $session->normalizeWebTopicName( $session->{webName}, $redirecturl );
-    $redirecturl = $session->getScriptUrl( 1, 'view', $w, $t );
-    return $redirecturl;
-}
-
-=begin TML
-
----++ ObjectMethod redirect( $url, $passthrough, $action_redirectto )
+      $this->normalizeWebTopicName( $this->{webName}, $redirecturl );
+    return $this->getScriptUrl( 1, 'view', $w, $t );
+}
+
+=begin TML
+
+---++ ObjectMethod redirect( $url, $passthrough )
 
    * $url - url or topic to redirect to
-   * $passthrough - (optional) parameter to **FILLMEIN**
-   * $action_redirectto - (optional) redirect to where ?redirectto=
-     points to (if it's valid)
+   * $passthrough - (optional) parameter to pass through current query
+     parameters (see below)
 
 Redirects the request to =$url=, *unless*
    1 It is overridden by a plugin declaring a =redirectCgiQueryHandler=.
    1 =$session->{request}= is =undef= or
-   1 $query->param('noredirect') is set to a true value.
 Thus a redirect is only generated when in a CGI context.
 
@@ -820 +823 @@
 
 sub redirect {
-    my ( $this, $url, $passthru, $action_redirectto ) = @_;
+    my ( $this, $url, $passthru ) = @_;
+    ASSERT(defined $url);
 
     my $query = $this->{request};
@@ -826 +830 @@
     # if we got here without a query, there's not much more we can do
     return unless $query;
-
-    # SMELL: if noredirect is set, don't generate the redirect, throw an
-    # exception instead. This is a HACK used to support TWikiDrawPlugin.
-    # It is deprecated and must be replaced by REST handlers in the plugin.
-    if ( $query->param('noredirect') ) {
-        die "ERROR: $url";
-        return;
-    }
-
-    if ($action_redirectto) {
-        my $redir = _getRedirectUrl($this);
-        $url = $redir if ($redir);
-    }
 
     if ( $passthru && defined $query->method() ) {
@@ -872 +863 @@
     # do this check as late as possible to catch _any_ last minute hacks
     # TODO: this should really use URI
-    if ( !isRedirectSafe($url) ) {
+    if ( !_isRedirectSafe($url) ) {
 
         # goto oops if URL is trying to take us somewhere dangerous
@@ -962 +953 @@
     my ($name) = @_;
 
-    return isValidWikiWord(@_) || isValidAbbrev(@_);
-}
-
-=begin TML
-
----++ StaticMethod isValidAbbrev( $name ) -> $boolean
-
-Check for a valid ABBREV (acronym)
-
-=cut
-
-sub isValidAbbrev {
-    my $name = shift || '';
-    return ( $name =~ m/^$regex{abbrevRegex}$/o );
+    return ( $name =~ m/^$regex{topicNameRegex}$/o );
 }
 
@@ -1148 +1126 @@
     while ( my $p = shift @args ) {
         if ( $p eq '#' ) {
-            $anchor .= '#' . shift(@args);
+            $anchor .= '#' . urlEncode( shift(@args) );
         }
         else {
@@ -3859 +3837 @@
         # Issues multi-valued parameters as separate hiddens
         my $value = $this->{request}->param($name);
+        $value = '' unless defined $value;
         $name = _encode( $encoding, $name );
         $value = _encode( $encoding, $value );

trunk/core/lib/Foswiki/Func.pm

@@ -1278 +1278 @@
 =begin TML
 
----+++ saveTopic( $web, $topic, $meta, $text, $options ) -> $error
+---+++ saveTopic( $web, $topic, $meta, $text, $options )
 
    * =$web= - web for the topic
@@ -1289 +1289 @@
      | =forcenewrevision= | force the save to increment the revision counter |
      | =minor= | True if this is a minor change, and is not to be notified |
-Return: error message or undef.
 
 For example,
@@ -1300 +1299 @@
 __Note:__ Plugins handlers ( e.g. =beforeSaveHandler= ) will be called as
 appropriate.
+
+In the event of an error an exception will be thrown. Callers can elect
+to trap the exceptions thrown, or allow them to propagate to the calling
+environment. May throw Foswiki::OopsException, Foswiki::AccessControlException or Error::Simple.
 
 =cut
@@ -2320 +2323 @@
 =begin TML
 
----+++ getRegularExpression( $name ) -> $expr
-
-Retrieves a Foswiki predefined regular expression or character class.
-   * =$name= - Name of the expression to retrieve.  See notes below
-Return: String or precompiled regular expression matching as described below.
-
-__Note:__ Foswiki internally precompiles several regular expressions to
-represent various string entities in an <nop>I18N-compatible manner. Plugins
-authors are encouraged to use these in matching where appropriate. The
-following are guaranteed to be present. Others may exist, but their use
-is unsupported and they may be removed in future Foswiki versions.
-
-In the table below, the expression marked type 'String' are intended for
-use within character classes (i.e. for use within square brackets inside
-a regular expression), for example:
-<verbatim>
-   my $upper = Foswiki::Func::getRegularExpression('upperAlpha');
-   my $alpha = Foswiki::Func::getRegularExpression('mixedAlpha');
-   my $capitalized = qr/[$upper][$alpha]+/;
-</verbatim>
-Those expressions marked type 'RE' are precompiled regular expressions that can be used outside square brackets. For example:
-<verbatim>
-   my $webRE = Foswiki::Func::getRegularExpression('webNameRegex');
-   my $isWebName = ( $s =~ m/$webRE/ );
-</verbatim>
-
-| *Name*         | *Matches*                        | *Type* |
-| upperAlpha     | Upper case characters            | String |
-| upperAlphaNum  | Upper case characters and digits | String |
-| lowerAlpha     | Lower case characters            | String |
-| lowerAlphaNum  | Lower case characters and digits | String |
-| numeric        | Digits                           | String |
-| mixedAlpha     | Alphabetic characters            | String |
-| mixedAlphaNum  | Alphanumeric characters          | String |
-| wikiWordRegex  | WikiWords                        | RE |
-| webNameRegex   | User web names                   | RE |
-| anchorRegex    | #AnchorNames                     | RE |
-| abbrevRegex    | Abbreviations e.g. GOV, IRS      | RE |
-| emailAddrRegex | email@address.com                | RE |
-| tagNameRegex   | Standard variable names e.g. %<nop>THIS_BIT% (THIS_BIT only) | RE |
-
-=cut
-
-sub getRegularExpression {
-    my ($regexName) = @_;
-    return $Foswiki::regex{$regexName};
-}
-
-=begin TML
-
 ---+++ normalizeWebTopicName($web, $topic) -> ($web, $topic)
 
@@ -2509 +2462 @@
 =begin TML
 
+---+++ isValidWebName( $name, $system ) -> $boolean
+
+Check for a valid web name. If $system is true, then
+system web names are considered valid (names starting with _)
+otherwise only user web names are valid
+
+If $Foswiki::cfg{EnableHierarchicalWebs} is off, it will also return false
+when a nested web name is passed to it.
+
+=cut
+
+sub isValidWebName {
+    return Foswiki::isValidWebName(@_);
+}
+
+=begin TML
+
+---++ StaticMethod isValidTopicName( $name ) -> $boolean
+
+Check for a valid topic name.
+
+=cut
+
+sub isValidTopicName {
+    return Foswiki::isValidTopicName(@_);
+}
+
+=begin TML
+
 ---+++ extractParameters($attr ) -> %params
 
@@ -2581 +2563 @@
 The following functions are retained for compatibility only. You should
 stop using them as soon as possible.
+
+=cut
+
+=begin TML
+
+---+++ getRegularExpression( $name ) -> $expr
+
+*Deprecated* 28 Nov 2008 - use =$Foswiki::regex{...}= instead, it is directly
+equivalent.
+
+See System.DevelopingPlugins for more information
+
+=cut
+
+sub getRegularExpression {
+    my ($regexName) = @_;
+    return $Foswiki::regex{$regexName};
+}
+
+=begin TML
 
 ---+++ getScriptUrlPath( ) -> $path

trunk/core/lib/Foswiki/LoginManager/ApacheLogin.pm

@@ -120 +120 @@
     $url .= ( ';' . $query->query_string() ) if $query->query_string();
 
-    $session->redirect( $url, 1 );
+    $session->redirect( $url, 1 ); # with passthrough
 }
 

trunk/core/lib/Foswiki/LoginManager/TemplateLogin.pm

@@ -64 +64 @@
         my $url   = $session->getScriptUrl( 0, 'login', $web, $topic );
         $query->param( -name => 'origurl', -value => $session->{request}->uri );
-        $session->redirect( $url, 1 );
+        $session->redirect( $url, 1 ); # with passthrough
         return 1;
     }
@@ -162 +162 @@
               ; #remove the sudo param - its only to tell TemplateLogin that we're using BaseMapper..
                 # Redirect with passthrough
-            $sessionSession->redirect( $origurl, 1 );
+            $sessionSession->redirect( $origurl, 1 ); # with passthrough
             return;
         }

trunk/core/lib/Foswiki/OopsException.pm

@@ -87 +87 @@
     my $this     = $class->SUPER::new();
     $this->{template} = $template;
+    $this->{status} = 500; # default server error
     ASSERT( scalar(@_) % 2 == 0, join( ";", map { $_ || 'undef' } @_ ) )
       if DEBUG;
@@ -177 +178 @@
 
     my @p = $this->_prepareResponse( $session );
-    $session->{response}->status( $this->{status} || 500 );
+    $session->{response}->status( $this->{status} );
     require Foswiki::UI::Oops;
     Foswiki::UI::Oops::oops($session, $this->{web}, $this->{topic},

trunk/core/lib/Foswiki/Render.pm

@@ -467 +467 @@
     }
 
-    # No need to encode 8-bit characters in anchor due to UTF-8 URL support
-
-    return $anchorName;
+    # There should be no need to encode 8-bit characters in anchor
+    # due to UTF-8 URL support. However encoding apparently cures Item5962
+
+    return Foswiki::urlEncode( $anchorName );
 }
 

trunk/core/lib/Foswiki/UI/Manage.pm

@@ -263 +263 @@
 | =currentwebonly= | if defined, searches current web only for links to this topic |
 | =nonwikiword= | if defined, a non-wikiword is acceptable for the new topic name |
+| =redirectto= | If the rename process is successful, rename will redirect to this topic or URL. The parameter value can be a =TopicName=, a =Web.TopicName=, or a URL.%BR% __Note:__ Redirect to a URL only works if it is enabled in =configure= (Miscellaneous ={AllowRedirectUrl}=). |
 
 =cut
@@ -462 +463 @@
     }
 
-    #follow redirectto=
-    $session->redirect( $new_url, undef, 1 );
+    # follow redirectto
+    $session->redirect( $session->redirectto( $new_url ) );
 }
 
@@ -1587 +1588 @@
     };
     my $viewURL = $session->getScriptUrl( 0, 'view', $web, $topic );
-    $session->redirect( $viewURL, undef, 1 );
-    return;
-
+    $session->redirect( $session->redirectto($viewURL) );
 }
 

trunk/core/lib/Foswiki/UI/Register.pm

@@ -200 +200 @@
     $session->leaveContext('absolute_urls');
 
-    $session->redirect( $session->getScriptUrl( 1, 'view', $web, $logTopic ) );
+    my $nurl = $session->getScriptUrl( 1, 'view', $web, $logTopic );
+    $session->redirect( $nurl );
 }
 

trunk/core/lib/Foswiki/UI/Rest.pm

@@ -16 +16 @@
 
 sub rest {
-    my ( $twiki, %initialContext ) = @_;
+    my ( $session, %initialContext ) = @_;
 
-    my $query = $twiki->{request};
+    my $query = $session->{request};
     my $login = $query->param('username');
     my $pass  = $query->param('password');
@@ -28 +28 @@
     if ($topic) {
         unless ( $topic =~ /((?:.*[\.\/])+)(.*)/ ) {
-            my $res = $twiki->{response};
+            my $res = $session->{response};
             $res->header(
                 -type   => 'text/html',
@@ -42 +42 @@
 
         # Point it somewhere innocent
-        $twiki->{webName}   = $Foswiki::cfg{UsersWebName};
-        $twiki->{topicName} = $Foswiki::cfg{HomeTopicName};
+        $session->{webName}   = $Foswiki::cfg{UsersWebName};
+        $session->{topicName} = $Foswiki::cfg{HomeTopicName};
     }
 
     if ($login) {
-        my $validation = $twiki->{users}->checkPassword( $login, $pass );
+        my $validation = $session->{users}->checkPassword( $login, $pass );
         unless ($validation) {
-            my $res = $twiki->{response};
+            my $res = $session->{response};
             $res->header(
                 -type   => 'text/html',
@@ -59 +59 @@
         }
 
-        my $cUID     = $twiki->{users}->getCanonicalUserID($login);
-        my $WikiName = $twiki->{users}->getWikiName($cUID);
-        $twiki->{users}->{loginManager}->userLoggedIn( $login, $WikiName );
+        my $cUID     = $session->{users}->getCanonicalUserID($login);
+        my $WikiName = $session->{users}->getWikiName($cUID);
+        $session->{users}->{loginManager}->userLoggedIn( $login, $WikiName );
 
-#TODO: its a bit odd that $twiki->{user} has to be manually set (expected userLoggedIn would do it)
-        $twiki->{user} = $cUID;
+#TODO: its a bit odd that $session->{user} has to be manually set (expected userLoggedIn would do it)
+        $session->{user} = $cUID;
     }
 
     try {
-        $twiki->{users}->{loginManager}->checkAccess();
+        $session->{users}->{loginManager}->checkAccess();
     }
     catch Error with {
         my $e   = shift;
-        my $res = $twiki->{response};
+        my $res = $session->{response};
         $res->header(
             -type   => 'text/html',
@@ -87 +87 @@
         # Foswiki rest invocations are defined as having a subject (pluginName)
         # and verb (restHandler in that plugin)
-        my $res = $twiki->{response};
+        my $res = $session->{response};
         $res->header(
             -type   => 'text/html',
@@ -99 +99 @@
 
     unless ( Foswiki::isValidWikiWord($subject) ) {
-        my $res = $twiki->{response};
+        my $res = $session->{response};
         $res->header(
             -type   => 'text/html',
@@ -111 +111 @@
     my $function = $Foswiki::restDispatch{$subject}{$verb};
     unless ($function) {
-        my $res = $twiki->{response};
+        my $res = $session->{response};
         $res->header(
             -type   => 'text/html',
@@ -122 +122 @@
 
     no strict 'refs';
-    my $result = &$function( $twiki, $subject, $verb, $twiki->{response} );
+    my $result = &$function( $session, $subject, $verb, $session->{response} );
     use strict 'refs';
     my $endPoint = $query->param('endPoint');
     if ( defined($endPoint) ) {
-        $twiki->redirect( $twiki->getScriptUrl( 1, 'view', '', $endPoint ) );
+        my $nurl = $session->getScriptUrl( 1, 'view', '', $endPoint );
+        $session->redirect( $nurl );
     }
     else {
-        $twiki->writeCompletePage($result) if $result;
+        $session->writeCompletePage($result) if $result;
     }
 }

trunk/core/lib/Foswiki/UI/Save.pm

@@ -441 +441 @@
         }
         my $viewURL = $session->getScriptUrl( 1, 'view', $w, $t );
-        $session->redirect( $viewURL, undef, 1 );
+        $session->redirect( $session->redirectto($viewURL) );
 
         return;
@@ -498 +498 @@
 
         # drop through
+    } else {
+         $redirecturl = $session->getScriptUrl( 1, 'view', $web, $topic );
+     }
+
+    # Do we have ?redirectto=
+    if ($saveaction ne 'checkpoint') {
+        $redirecturl = $session->redirectto($redirecturl);
     }
 
@@ -530 +537 @@
 
     #success - redirect to topic view (unless its a checkpoint save)
-    $redirecturl ||= $session->getScriptUrl( 1, 'view', $web, $topic );
 
     if ( $saveCmd eq 'delRev' ) {
@@ -548 +554 @@
         };
 
-        $session->redirect( $redirecturl, undef, 1 );
+        $session->redirect( $redirecturl );
         return;
     }
@@ -577 +583 @@
         };
 
-        $session->redirect( $redirecturl, undef,
-            ( $saveaction ne 'checkpoint' ) );
+        $session->redirect( $redirecturl);
         return;
     }
@@ -620 +625 @@
     }
 
-    $session->redirect( $redirecturl, undef, ( $saveaction ne 'checkpoint' ) );
+    $session->redirect( $redirecturl );
 }
 

trunk/core/lib/Foswiki/UI/Upload.pm

@@ -119 +119 @@
 CGI parameters, passed in $query:
 
-| =hidefile= | if defined, will not show file in attachment table |
-| =filepath= | |
-| =filename= | |
-| =filecomment= | comment to associate with file in attachment table |
-| =createlink= | if defined, will create a link to file at end of topic |
-| =changeproperties= | |
-| =redirectto= | URL to redirect to after upload. ={AllowRedirectUrl}= must be enabled in =configure=. The parameter value can be a =TopicName=, a =Web.TopicName=, or a URL. Redirect to a URL only works if it is enabled in =configure=. |
-
-Does the work of uploading a file to a topic. Designed to be useable for
-a crude RPC (it will redirect to the 'view' script unless the
-'noredirect' parameter is specified, in which case it will print a message to
-STDOUT, starting with 'OK' on success and 'ERROR' on failure.
+Does the work of uploading an attachment to a topic.
+
+   * =hidefile= - if defined, will not show file in attachment table
+   * =filepath= -
+   * =filename= -
+   * =filecomment= - comment to associate with file in attachment table
+   * =createlink= - if defined, will create a link to file at end of topic
+   * =changeproperties= -
+   * =redirectto= - URL to redirect to after upload. ={AllowRedirectUrl}=
+     must be enabled in =configure=. The parameter value can be a
+     =TopicName=, a =Web.TopicName=, or a URL. Redirect to a URL only works
+     if it is enabled in =configure=, and is ignored if =noredirect= is
+     specified.
+   * =noredirect= - Normally it will redirect to 'view' when the upload is
+     complete, but also designed to be useable for REST-style calling using
+     the 'noredirect' parameter. If this parameter is set it will return an
+     appropriate HTTP status code and print a message to STDOUT, starting
+     with 'OK' on success and 'ERROR' on failure.
 
 =cut
 
 sub upload {
+    my $session = shift;
+
+    my $query   = $session->{request};
+    if ($query->param('noredirect')) {
+        my $message;
+        my $status = 200;
+        try {
+            $message = _upload($session);
+        } catch Foswiki::OopsException with {
+            my $e = shift;
+            $status = $e->{status};
+            if ($status >= 400) {
+                $message = 'ERROR: '.$e->stringify();
+            }
+        } catch Foswiki::AccessControlException with {
+            my $e = shift;
+            $status = 403;
+            $message = 'ERROR: '.$e->stringify();
+        };
+        if ($status < 400) {
+            $message = 'OK '.$message;
+        };
+        $session->{response}->header(
+            -status => $status,
+            -type => 'text/plain');
+        $session->{response}->print($message);
+    } else {
+        # allow exceptions to propagate
+        _upload($session);
+
+        my $nurl = $session->getScriptUrl(
+            1, 'view', $session->{webName}, $session->{topicName} );
+        $session->redirect( $session->redirectto( $nurl ));
+    };
+}
+
+# Real work of upload
+sub _upload {
     my $session = shift;
 
@@ -159 +203 @@
     $filePath    =~ s/\s*$//o;
 
-    Foswiki::UI::checkWebExists( $session, $webName, $topic, 'attach files to' );
+    Foswiki::UI::checkWebExists(
+        $session, $webName, $topic, 'attach files to' );
     Foswiki::UI::checkTopicExists( $session, $webName, $topic,
-        'attach files to' );
+                                   'attach files to' );
     Foswiki::UI::checkMirror( $session, $webName, $topic );
-    Foswiki::UI::checkAccess( $session, $webName, $topic, 'CHANGE', $user );
+    Foswiki::UI::checkAccess(
+        $session, $webName, $topic, 'CHANGE', $user );
 
     my $origName = $fileName;
@@ -174 +220 @@
         try {
             $tmpFilePath = $query->tmpFileName($fh);
-        }
-        catch Error::Simple with {
+        } catch Error::Simple with {
 
             # Item5130, Item5133 - Illegal file name, bad path,
@@ -185 +230 @@
                 topic  => $topic,
                 params => [ ( $filePath || '""' ) ]
-            );
+               );
         };
 
@@ -205 +250 @@
                 topic  => $topic,
                 params => [ ( $filePath || '""' ) ]
-            );
+               );
         }
 
@@ -219 +264 @@
                 topic  => $topic,
                 params => [ $fileName, $maxSize ]
-            );
+               );
         }
     }
@@ -238 +283 @@
                 tmpFilename => $tmpFilePath,
             }
-        );
-    }
-    catch Error::Simple with {
+           );
+    } catch Error::Simple with {
         throw Foswiki::OopsException(
             'attention',
@@ -247 +291 @@
             topic  => $topic,
             params => [ shift->{-text} ]
-        );
+           );
     };
     close($stream) if $stream;
 
-    if ( $fileName eq $origName ) {
-        $session->redirect(
-            $session->getScriptUrl( 1, 'view', $webName, $topic ),
-            undef, 1 );
-    }
-    else {
+    if ( $fileName ne $origName ) {
         throw Foswiki::OopsException(
             'attention',
@@ -264 +303 @@
             topic  => $topic,
             params => [ $origName, $fileName ]
-        );
-    }
-
- # generate a message useful for those calling this script from the command line
-    my $message = ($doPropsOnly) ? 'properties changed' : "$fileName uploaded";
-
-    print 'OK ', $message, "\n" if $session->inContext('command_line');
+           );
+    }
+
+    # generate a message useful for those calling this script
+    # from the command line
+    return ($doPropsOnly) ? 'properties changed' :
+      "$fileName uploaded";
 }