[Home]WikiPatches/AllowEditRedirects


# I'm using UseMod wiki as an editable backend data store (rather than
# writing custom db app's to do the same).  Basically, I am on
# MyProject.html which has a matching entry in the wiki as: 
#   http://wiki.com/wiki.pl?MyProjectNews
#
# In order to allow editing, I hand-craft a link:
#   http://wiki.com/wiki.pl?action=edit&id=MyProjectNews
# ...however, after the user is done editing, they are "stuck" in the
# wiki without an obvious way to get back to the main pages.
#
# Enter this simple modification.  Allow a "back" URL on edit actions
# which the user will be redirected back to after saving their work.
# URL will look like this (back URL must be "urlencoded"):
#   http://wiki.com/wiki.pl?action=edit&id=MyProjectNews&back=http%3A%2F%2Fsome.com%2FMyProject.html
#
# Note: probably does not work with all of the "RedirTypes" (I tested
# with defaults and it works fine.
#
# WARNING: This exposes a security hole: an open redirect, which mostly
# opens the door to some strange social engineering.  Consider something
# like this:
#   [http://wiki.com/wiki.pl?action=edit&back=http://hacker.com EditPage]
# ...basically, if the hacker can fool the user into clicking a link that
# points at the wiki, the user is sent on to the "back" URL after saving
# and might be opened up to unexpected behaviour.  Might be something
# to worry about on the "big bad internet", but should be fine for local
# applications.
#
# --Robert Ames (ramses0!yahoo.com)
# Patch is in "diff -u" format.  Contact me for questions / updates.
--- wiki.pl	Sun Sep  1 17:15:58 2002
+++ wiki-redirs.pl	Mon Jul 14 18:33:08 2003
@@ -45,7 +45,7 @@
   $UrlProtocols $UrlPattern $ImageExtensions $RFCPattern $ISBNPattern
   $FS $FS1 $FS2 $FS3 $CookieName $SiteBase $StyleSheet $NotFoundPg
   $FooterNote $EditNote $MaxPost $NewText $NotifyDefault $HttpCharset
-  $UserGotoBar);
+  $UserGotoBar $AllowEditRedirects);
 # Note: $NotifyDefault is kept because it was a config variable in 0.90
 # Other global variables:
 use vars qw(%Page %Section %Text %InterSite %SaveUrl %SaveNumUrl
@@ -85,6 +85,8 @@
 $NewText     = "";              # New page text ("" for default message)
 $HttpCharset = "";              # Charset for pages, like "iso-8859-2"
 $UserGotoBar = "";              # HTML added to end of goto bar
+$AllowEditRedirects = 1;        # 1 = allow wiki to redirect to arbitrary URL's after a save/edit action.
+                                # (like: LINK: http://wiki.com/wiki.pl?action=edit&id=TestPage&back=http://mysite.com)
 
 # Major options:
 $UseSubpage  = 1;       # 1 = use subpages,       0 = do not use subpages
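Review bot: `$AllowEditRedirects` is set to 1 on the added line, so applying the patch enables redirects to whatever URL arrives in `back` on every install, even though the patch description itself calls this a security hole. A safer default is `$AllowEditRedirects = 0;`, so that sites wanting the feature opt in. The trailing comment should also say what enabling it means, for example `# 1 = after a save, redirect to the URL in the "back" parameter (open redirect unless the URL is validated)`.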
@@ -1121,7 +1123,11 @@
 
   # Normally get URL from script, but allow override.
   $FullUrl = $q->url(-full=>1)  if ($FullUrl eq "");
-  $url = $FullUrl . "?" . $newid;
+  if( length($newid) > 0 ) {
+    $url = $FullUrl . "?" . $newid;
+  } else {
+    $url = $FullUrl;
+  }
   $nameLink = "<a href=\"$url\">$name</a>";
   if ($RedirType < 3) {
     if ($RedirType == 1) {             # Use CGI.pm
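Review bot: `$url` is interpolated into `<a href=\"$url\">` without HTML escaping, and with this patch `$FullUrl` can hold the request's `back` parameter (the DoPost hunks assign `$FullUrl = $back`), so request-controlled text reaches the redirect page's markup. Escape it for the attribute context, e.g. `$nameLink = "<a href=\"" . $q->escapeHTML($url) . "\">$name</a>";`, and keep the raw value only for the HTTP redirect itself. The rest of GetRedirectPage, including the other `$RedirType` branches that use `$url`, lies outside this hunk and should be checked the same way.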
@@ -2516,7 +2522,7 @@
 sub DoEdit {
   my ($id, $isConflict, $oldTime, $newText, $preview) = @_;
   my ($header, $editRows, $editCols, $userName, $revision, $oldText);
-  my ($summary, $isEdit, $pageTime);
+  my ($summary, $isEdit, $pageTime, $back);
 
   if (!&UserCanEdit($id, 1)) {
     print &GetHeader("", T('Editing Denied'), "");
@@ -2535,6 +2541,10 @@
   &OpenDefaultText();
   $pageTime = $Section{'ts'};
   $header = Ts('Editing %s', $id);
+  if( $AllowEditRedirects ) {
+    # Allow redirects after editing
+    $back = &GetParam('back', '');
+  }
   # Old revision handling
   $revision = &GetParam('revision', '');
   $revision =~ s/\D//g;  # Remove non-numeric chars
@@ -2582,6 +2592,9 @@
   print &GetHiddenValue("title", $id), "\n",
         &GetHiddenValue("oldtime", $pageTime), "\n",
         &GetHiddenValue("oldconflict", $isConflict), "\n";
+  if( $AllowEditRedirects ) {
+    print &GetHiddenValue("back", $back), "\n";
+  }
   if ($revision ne "") {
     print &GetHiddenValue("revision", $revision), "\n";
   }
@@ -3190,12 +3203,15 @@
 }
 
 sub DoPost {
-  my ($editDiff, $old, $newAuthor, $pgtime, $oldrev, $preview, $user);
+  my ($editDiff, $old, $newAuthor, $pgtime, $oldrev, $preview, $user, $back);
   my $string = &GetParam("text", undef);
   my $id = &GetParam("title", "");
   my $summary = &GetParam("summary", "");
   my $oldtime = &GetParam("oldtime", "");
   my $oldconflict = &GetParam("oldconflict", "");
+  if( $AllowEditRedirects ) {
+    $back = &GetParam("back", "");
+  }
   my $isEdit = 0;
   my $editTime = $Now;
   my $authorAddr = $ENV{REMOTE_ADDR};
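Review bot: `$back` is read from the posted form in DoPost and later used as the redirect target with no validation, and because it travels as a hidden field the value DoEdit wrote can be replaced by the client, so the check has to happen here rather than in DoEdit. Restrict it to absolute http(s) URLs whose host is on an admin-configured list and clear it otherwise, so that both redirect sites further down in DoPost fall back to `ReBrowsePage`. Rejecting whitespace in the value also keeps line breaks out of the redirect header. The list variable in the sketch below is a name proposed by this review and would need adding to the `use vars` declaration and the config section; DoPost continues outside the hunk.

```perl
  if( $AllowEditRedirects ) {
    $back = &GetParam("back", "");
    # @EditRedirectHosts: config list proposed by this review, naming the
    # hosts the wiki may send users back to.  Anything else is dropped and
    # the normal ReBrowsePage path is taken.
    my ($backHost) = $back =~ m{\A https?:// ([A-Za-z0-9.-]+) (?: :\d+ )? (?: / [^\s"<>]* )? \z}x;
    $back = ""  unless defined($backHost)
                    && grep { lc($_) eq lc($backHost) } @EditRedirectHosts;
  }
  # … unchanged: $isEdit, $editTime, $authorAddr setup …
```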
@@ -3235,7 +3251,12 @@
   $preview = 1  if (&GetParam("Preview", "") ne "");
   if (!$preview && ($old eq $string)) {  # No changes (ok for preview)
     &ReleaseLock();
-    &ReBrowsePage($id, "", 1);
+    if ($back ne "" && $AllowEditRedirects) {
+      $FullUrl = $back;
+      print &GetRedirectPage( "", "", "" );
+    } else {

+      &ReBrowsePage($id, "", 1);
+    }
     return;
   }
   # Later extract comparison?
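Review bot: `$FullUrl = $back;` overwrites what appears to be a global configuration variable just to steer `GetRedirectPage`, and the same assignment is repeated in the final hunk of DoPost. Under plain CGI the value dies with the process, but in a persistent interpreter it would presumably leak into later requests; `local $FullUrl = $back;` inside the `if` block limits the override to the one call. The two sites also test `$back` differently (`$back ne "" && $AllowEditRedirects` here, `$back && $AllowEditRedirects` in the last hunk), and here `$back` is undefined when the option is off, so testing `$AllowEditRedirects` first in both places would be more consistent.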
@@ -3299,7 +3320,13 @@
     unlink($IndexFile);  # Regenerate index on next request
   }
   &ReleaseLock();
-  &ReBrowsePage($id, "", 1);
+
+  if ($back && $AllowEditRedirects) {
+    $FullUrl = $back;
+    print &GetRedirectPage( "", "", "" );
+  } else {
+    &ReBrowsePage($id, "", 1);
+  }
 }
 
 sub UpdateDiffs {

Last edited September 5, 2011 9:32 pm by MarkusLude (diff)