# I'm using UseMod wiki as an editable backend data store (rather than
# writing custom db app's to do the same). Basically, I am on
# MyProject.html which has a matching entry in the wiki as:
# http://wiki.com/wiki.pl?MyProjectNews
#
# In order to allow editing, I hand-craft a link:
# http://wiki.com/wiki.pl?action=edit&id=MyProjectNews
# ...however, after the user is done editing, they are "stuck" in the
# wiki without an obvious way to get back to the main pages.
#
# Enter this simple modification. Allow a "back" URL on edit actions
# which the user will be redirected back to after saving their work.
# URL will look like this (back URL must be "urlencoded"):
# http://wiki.com/wiki.pl?action=edit&id=MyProjectNews&back=http%3A%2F%2Fsome.com%2FMyProject.html
#
# Note: probably does not work with all of the "RedirTypes" (I tested
# with defaults and it works fine.
#
# WARNING: This exposes a security hole (mostly it opens up doors to
# some strange social engineering). Consider something like this:
# [http://wiki.com/wiki.pl?action=edit&back=http://hacker.com EditPage]
# ...basically, if the hacker can fool the user into clicking a link,
# the user might be opened up to unexpected behaviour. Might be something
# to worry about on the "big bad internet", but should be fine for local
# applications.
#
# --Robert Ames (ramses0!yahoo.com)
# Patch is in "diff -u" format. Contact me for questions / updates.
--- wiki.pl Sun Sep 1 17:15:58 2002
+++ wiki-redirs.pl Mon Jul 14 18:33:08 2003
@@ -45,7 +45,7 @@
 $UrlProtocols $UrlPattern $ImageExtensions $RFCPattern $ISBNPattern $FS $FS1 $FS2 $FS3 $CookieName $SiteBase $StyleSheet $NotFoundPg $FooterNote $EditNote $MaxPost $NewText $NotifyDefault $HttpCharset
- $UserGotoBar);
+ $UserGotoBar $AllowEditRedirects);
 # Note: $NotifyDefault is kept because it was a config variable in 0.90
 # Other global variables:
 use vars qw(%Page %Section %Text %InterSite %SaveUrl %SaveNumUrl
@@ -85,6 +85,8 @@
 $NewText = ""; # New page text ("" for default message)
 $HttpCharset = ""; # Charset for pages, like "iso-8859-2"
 $UserGotoBar = ""; # HTML added to end of goto bar
+$AllowEditRedirects = 1; # 1 = allow wiki to redirect to arbitrary URL's after a save/edit action.
+ # (like: LINK: http://wiki.com/wiki.pl?action=edit&id=TestPage&back=http://mysite.com)
 # Major options:
 $UseSubpage = 1; # 1 = use subpages, 0 = do not use subpages
@@ -1121,7 +1123,11 @@
 # Normally get URL from script, but allow override.
 $FullUrl = $q->url(-full=>1) if ($FullUrl eq "");
- $url = $FullUrl . "?" . $newid;
+ if( length($newid) > 0 ) {
+ $url = $FullUrl . "?" . $newid;
+ } else {
+ $url = $FullUrl;
+ }
 $nameLink = "<a href=\"$url\">$name</a>";
 if ($RedirType < 3) {
 if ($RedirType == 1) { # Use CGI.pm
@@ -2516,7 +2522,7 @@
 sub DoEdit {
 my ($id, $isConflict, $oldTime, $newText, $preview) = @_;
 my ($header, $editRows, $editCols, $userName, $revision, $oldText);
- my ($summary, $isEdit, $pageTime);
+ my ($summary, $isEdit, $pageTime, $back);
 if (!&UserCanEdit($id, 1)) {
 print &GetHeader("", T('Editing Denied'), "");
@@ -2535,6 +2541,10 @@
 &OpenDefaultText();
 $pageTime = $Section{'ts'};
 $header = Ts('Editing %s', $id);
+ if( $AllowEditRedirects ) {
+ # Allow redirects after editing
+ $back = &GetParam('back', '');
+ }
 # Old revision handling
 $revision = &GetParam('revision', '');
 $revision =~ s/\D//g; # Remove non-numeric chars
@@ -2582,6 +2592,9 @@
 print &GetHiddenValue("title", $id), "\n", &GetHiddenValue("oldtime", $pageTime), "\n", &GetHiddenValue("oldconflict", $isConflict), "\n";
+ if( $AllowEditRedirects ) {
+ print &GetHiddenValue("back", $back), "\n";
+ }
 if ($revision ne "") {
 print &GetHiddenValue("revision", $revision), "\n";
 }
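Review bot: `$AllowEditRedirects` is set to 1 in the `@@ -85,6 +85,8 @@` config hunk, so applying the patch turns on caller-chosen post-save redirects without the operator opting in, even though the patch description itself flags the feature as a security hole. A safer default is off, with the risk stated next to the switch: `$AllowEditRedirects = 0; # 1 = redirect to the "back" URL after a save; destination is not validated, enable only on trusted networks`. The example URL in the added comment also shows `back` unencoded, while the description says it must be urlencoded, so the comment should match.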
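Review bot: In the `@@ -1121,7 +1123,11 @@` hunk `$url` is still interpolated raw into `<a href=\"$url\">` on the context line that follows the new branch, and after this patch `$FullUrl` can hold the request's `back` value rather than a configured or script-derived URL. Markup characters in that value would land in the redirect page's HTML, and line breaks could reach the redirect header if the CGI.pm path does not strip them (that code is not visible here). Escaping at the point of use covers every caller: `$nameLink = "<a href=\"" . $q->escapeHTML($url) . "\">$name</a>";`, together with rejecting values that contain `\r` or `\n` before they are assigned. The enclosing sub starts and ends outside the hunk.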
@@ -3190,12 +3203,15 @@
 }
 sub DoPost {
- my ($editDiff, $old, $newAuthor, $pgtime, $oldrev, $preview, $user);
+ my ($editDiff, $old, $newAuthor, $pgtime, $oldrev, $preview, $user, $back);
 my $string = &GetParam("text", undef);
 my $id = &GetParam("title", "");
 my $summary = &GetParam("summary", "");
 my $oldtime = &GetParam("oldtime", "");
 my $oldconflict = &GetParam("oldconflict", "");
+ if( $AllowEditRedirects ) {
+ $back = &GetParam("back", "");
+ }
 my $isEdit = 0;
 my $editTime = $Now;
 my $authorAddr = $ENV{REMOTE_ADDR};
@@ -3235,7 +3251,12 @@
 $preview = 1 if (&GetParam("Preview", "") ne "");
 if (!$preview && ($old eq $string)) { # No changes (ok for preview)
 &ReleaseLock();
- &ReBrowsePage($id, "", 1);
+ if ($back ne "" && $AllowEditRedirects) {
+ $FullUrl = $back;
+ print &GetRedirectPage( "", "", "" );
+ } else {
+ &ReBrowsePage($id, "", 1);
+ }
 return;
 }
 # Later extract comparison?
@@ -3299,7 +3320,13 @@
 unlink($IndexFile); # Regenerate index on next request
 }
 &ReleaseLock();
- &ReBrowsePage($id, "", 1);
+
+ if ($back && $AllowEditRedirects) {
+ $FullUrl = $back;
+ print &GetRedirectPage( "", "", "" );
+ } else {
+ &ReBrowsePage($id, "", 1);
+ }
 }
 sub UpdateDiffs {
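Review bot: The `back` parameter read in the `@@ -3190,12 +3203,15 @@` hunk becomes the redirect target in the `-3235` and `-3299` hunks with no check on where it points, and the hidden field added in DoEdit gives no protection because the client controls it on submit. Validating once here, against a configured list of permitted URL prefixes, keeps both redirect branches on trusted destinations and lets everything else fall through to `ReBrowsePage`. The list name in the excerpt below is a proposed new config variable, not one the file already has, and it would also need adding to the `use vars` list. DoPost's body continues outside the hunk.

```perl
  if( $AllowEditRedirects ) {
    $back = &GetParam("back", "");
    # Keep $back only when it starts with a configured prefix and holds no
    # control characters; anything else uses the normal ReBrowsePage path.
    # @EditRedirectPrefixes is a proposed config list; each entry should end
    # in "/" so that a prefix cannot match a longer host name.
    my $allowed = 0;
    foreach my $prefix (@EditRedirectPrefixes) {
      $allowed = 1 if (index($back, $prefix) == 0);
    }
    $back = "" if (!$allowed || $back =~ /[\x00-\x1f\x7f]/);
  }
```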
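Review bot: Both redirect branches, here in `@@ -3235,7 +3251,12 @@` and again in `@@ -3299,7 +3320,13 @@`, overwrite the global `$FullUrl`, which the GetRedirectPage hunk treats as the site's configured URL override. Under a persistent interpreter the request-supplied value could outlive this request and affect links built later; whether the script is deployed that way is not visible here. Scoping the override keeps it to this one call: `local $FullUrl = $back;`. The condition also evaluates `$back ne ""` before `$AllowEditRedirects`, so `$back` is compared while still undefined when the feature is off; `if ($AllowEditRedirects && $back ne "")` avoids that.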
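Review bot: The test in the `@@ -3299,7 +3320,13 @@` hunk is `$back && $AllowEditRedirects`, while the earlier no-change branch uses `$back ne ""`, so the two exits from DoPost can disagree for a value such as `0`. The five-line branch is otherwise identical in both places, so a small helper called from each, for example `&RedirectAfterSave($id, $back);` (a proposed name), would keep the condition and any destination check in one spot.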