Changeset 1221 for trunk/core/lib/Foswiki.pm

Timestamp:

12/09/08 18:16:48 (3 years ago)

Author:

CrawfordCurrie

Message:

Item253: remove TWikiDrawPlugin hack; analyse, rationalise and document usage of redirectto; Item5926: added encodings that were proposed to make chinese work (they don't break anything AFAICT). Deprecate Foswiki::Func::getRegularExpression (the regex array is published)

File:

• trunk/core/lib/Foswiki.pm (modified) (10 diffs)

trunk/core/lib/Foswiki.pm

@@ -407 +407 @@
     $regex{anchorRegex}         = qr/\#[$regex{mixedAlphaNum}_]+/o;
     $regex{abbrevRegex}         = qr/[$regex{upperAlpha}]{3,}s?\b/o;
-
+    $regex{topicNameRegex}      =
+      qr/(?:(?:$regex{wikiWordRegex})|(?:$regex{abbrevRegex}))/o;
     # Simplistic email regex, e.g. for WebNotify processing - no i18n
     # characters allowed
@@ -724 +725 @@
 }
 
-=begin TML
-
----++ StaticMethod isRedirectSafe($redirect) => $ok
-
-tests if the $redirect is an external URL, returning false if AllowRedirectUrl is denied
-
-=cut
-
-sub isRedirectSafe {
+# Tests if the $redirect is an external URL, returning false if
+# AllowRedirectUrl is denied
+sub _isRedirectSafe {
     my $redirect = shift;
 
@@ -758 +753 @@
 }
 
-# _getRedirectUrl() => redirectURL set from the parameter
-# Reads a redirect url from CGI parameter 'redirectto'.
-# This function is used to get and test the 'redirectto' cgi parameter,
-# and then the calling function can set its own reporting if there is a
-# problem.
-sub _getRedirectUrl {
-    my $session = shift;
-
-    my $query       = $session->{request};
-    my $redirecturl = $query->param('redirectto');
-    return '' unless $redirecturl;
+=begin TML
+
+---++ ObjectMethod redirectto($url) -> $url
+Gets a redirect url from CGI parameter 'redirectto', if present on the query.
+
+If the redirectto CGI parameter specifies a valid redirection target it is
+returned; otherwise the original URL passed in the parameter is returned.
+
+Conditions for a valid redirection target are:
+   * The target matches the linkProtocolPattern regex, and redirection
+     to the url _isRedirectSafe
+   * The target specified a topic, or a Web.Topic (redirect will be to
+     'view')
+
+=cut
+
+sub redirectto {
+    my ($this, $url) = @_;
+    ASSERT($url);
+
+    my $redirecturl = $this->{request}->param('redirectto');
+    return $url unless $redirecturl;
 
     if ( $redirecturl =~ m#^$regex{linkProtocolPattern}://#o ) {
 
         # assuming URL
-        if ( isRedirectSafe($redirecturl) ) {
+        if ( _isRedirectSafe($redirecturl) ) {
             return $redirecturl;
         }
         else {
-            return '';
+            return $url;
         }
     }
@@ -783 +789 @@
     # assuming 'web.topic' or 'topic'
     my ( $w, $t ) =
-      $session->normalizeWebTopicName( $session->{webName}, $redirecturl );
-    $redirecturl = $session->getScriptUrl( 1, 'view', $w, $t );
-    return $redirecturl;
-}
-
-=begin TML
-
----++ ObjectMethod redirect( $url, $passthrough, $action_redirectto )
+      $this->normalizeWebTopicName( $this->{webName}, $redirecturl );
+    return $this->getScriptUrl( 1, 'view', $w, $t );
+}
+
+=begin TML
+
+---++ ObjectMethod redirect( $url, $passthrough )
 
    * $url - url or topic to redirect to
-   * $passthrough - (optional) parameter to **FILLMEIN**
-   * $action_redirectto - (optional) redirect to where ?redirectto=
-     points to (if it's valid)
+   * $passthrough - (optional) parameter to pass through current query
+     parameters (see below)
 
 Redirects the request to =$url=, *unless*
    1 It is overridden by a plugin declaring a =redirectCgiQueryHandler=.
    1 =$session->{request}= is =undef= or
-   1 $query->param('noredirect') is set to a true value.
 Thus a redirect is only generated when in a CGI context.
 
@@ -820 +823 @@
 
 sub redirect {
-    my ( $this, $url, $passthru, $action_redirectto ) = @_;
+    my ( $this, $url, $passthru ) = @_;
+    ASSERT(defined $url);
 
     my $query = $this->{request};
@@ -826 +830 @@
     # if we got here without a query, there's not much more we can do
     return unless $query;
-
-    # SMELL: if noredirect is set, don't generate the redirect, throw an
-    # exception instead. This is a HACK used to support TWikiDrawPlugin.
-    # It is deprecated and must be replaced by REST handlers in the plugin.
-    if ( $query->param('noredirect') ) {
-        die "ERROR: $url";
-        return;
-    }
-
-    if ($action_redirectto) {
-        my $redir = _getRedirectUrl($this);
-        $url = $redir if ($redir);
-    }
 
     if ( $passthru && defined $query->method() ) {
@@ -872 +863 @@
     # do this check as late as possible to catch _any_ last minute hacks
     # TODO: this should really use URI
-    if ( !isRedirectSafe($url) ) {
+    if ( !_isRedirectSafe($url) ) {
 
         # goto oops if URL is trying to take us somewhere dangerous
@@ -962 +953 @@
     my ($name) = @_;
 
-    return isValidWikiWord(@_) || isValidAbbrev(@_);
-}
-
-=begin TML
-
----++ StaticMethod isValidAbbrev( $name ) -> $boolean
-
-Check for a valid ABBREV (acronym)
-
-=cut
-
-sub isValidAbbrev {
-    my $name = shift || '';
-    return ( $name =~ m/^$regex{abbrevRegex}$/o );
+    return ( $name =~ m/^$regex{topicNameRegex}$/o );
 }
 
@@ -1148 +1126 @@
     while ( my $p = shift @args ) {
         if ( $p eq '#' ) {
-            $anchor .= '#' . shift(@args);
+            $anchor .= '#' . urlEncode( shift(@args) );
         }
         else {
@@ -3859 +3837 @@
         # Issues multi-valued parameters as separate hiddens
         my $value = $this->{request}->param($name);
+        $value = '' unless defined $value;
         $name = _encode( $encoding, $name );
         $value = _encode( $encoding, $value );