Modified all scripts with appropriate restrictions based on

[cocanwiki.git] / scripts / page.ml

(* COCANWIKI scripts.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: page.ml,v 1.5 2004/09/08 09:54:28 rich Exp $
 *)

open Apache
open Registry
open Cgi
open Printf

open ExtString

open Cocanwiki
open Cocanwiki_template
open Cocanwiki_ok
open Cocanwiki_date

let template_page = get_template "page.html"
let template_404  = get_template "page_404.html"

(* Maximum level of redirection. *)
let max_redirect = 4

type fp_status = FPOK of int * string * string * Dbi.datetime * bool
               | FPRedirect of string
               | FPNotFound

let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, edit_anon) user =
  let page = q#param "page" in
  let page = if page = "" then "index" else page in

  (* Host-specific CSS? *)
  let sth = dbh#prepare_cached "select css is not null from hosts
                                 where id = ?" in
  sth#execute [`Int hostid];
  let has_host_css =
    match sth#fetch1 () with
      | [ `Bool has_host_css ] -> has_host_css
      | _ -> assert false in

  (* Can the user edit? *)
  let can_edit = can_edit edit_anon user in

  (* This code generates ordinary pages. *)
  let make_page title description pageid last_modified_date has_page_css
      version page page' =
    let t = template_page in
    t#set "title" title;
    t#set "description" description;
    t#set "pageid" (string_of_int pageid);
    t#set "last_modified_date" (printable_date last_modified_date);
    t#set "cocanwiki_package" Cocanwiki_version.package;
    t#set "cocanwiki_version" Cocanwiki_version.version;

    if page <> page' then (* redirection *) (
      t#set "page" page';
      t#set "original_page" page; (* XXX title - get it from database *)
      t#conditional "redirected" true
    ) else (
      t#set "page" page;
      t#conditional "redirected" false
    );

    t#conditional "has_host_css" has_host_css;
    t#conditional "has_page_css" has_page_css;

    t#conditional "can_edit" can_edit;

    (* Pull out the sections in this page. *)
    let sth = dbh#prepare_cached
                "select ordering, sectionname, content, divname
                   from contents
                  where pageid = ?
                  order by ordering" in
    sth#execute [`Int pageid];

    let sections =
      sth#map
        (function [`Int ordering; `String sectionname; `String content;
                   (`Null | `String _) as divname] ->
           let divname, has_divname =
             match divname with
                 `Null -> "", false
               | `String divname -> divname, true in
           [ "ordering", Template.VarString (string_of_int ordering);
             "sectionname", Template.VarString sectionname;
             "content",
               Template.VarString
                 (Wikilib.xhtml_of_content dbh hostid content);
             "has_divname", Template.VarConditional has_divname;
             "divname", Template.VarString divname ]
           | _ -> assert false) in

    t#table "sections" sections;

    (* Are we showing an old version of the page?  If so, warn. *)
    (match version with
         None ->
           t#conditional "is_old_version" false
       | Some pageid ->
           t#conditional "is_old_version" true;
           t#set "old_version" (string_of_int pageid));

    (* Login status. *)
    (match user with
         Anonymous ->
           t#conditional "user_logged_in" false
       | User (_, username, _) ->
           t#conditional "user_logged_in" true;
           t#set "username" username);

    q#template t
  in

  (* This code generates 404 pages. *)
  let make_404 () =
    Request.set_status r 404;           (* Return a 404 error code. *)

    let t = template_404 in
    t#set "page" page;

    let search_terms =
      String.map
        (function
             ('a'..'z' | 'A'..'Z' | '0'..'9') as c -> c
           | _ -> ' ') page in

    template_404#set "search_terms" search_terms;

    q#template t
  in

  (* Fetch a page by name.  This function can give three answers:
   * (1) Page fetched OK (fetches some details of the page).
   * (2) Page is a redirect (fetches the name of the redirect page).
   * (3) Page not found in database, ie. 404 error.
   *)
  (* XXX Should do a case-insensitive matching of URLs, and if the URL differs
   * in case only should redirect to the lowercase version.
   *)
  let fetch_page page version allow_redirect =
    match version with
      | None ->
          if allow_redirect then (
            let sth =
              dbh#prepare_cached
                "select redirect, id, title, description, last_modified_date,
                        css is not null
                   from pages where hostid = ? and url = ?" in
            sth#execute [`Int hostid; `String page];
            (try
               (match sth#fetch1 () with
                  | [ `Null; `Int id; `String title; `String description;
                      `Timestamp last_modified_date; `Bool has_page_css ] ->
                      FPOK (id, title, description, last_modified_date,
                            has_page_css)
                  | `String redirect :: _ ->
                      FPRedirect redirect
                  | _ -> assert false)
             with
                 Not_found -> FPNotFound)
          ) else (* redirects not allowed ... *) (
            let sth =
              dbh#prepare_cached
                "select id, title, description, last_modified_date,
                        css is not null
                   from pages where hostid = ? and url = ?" in
            sth#execute [`Int hostid; `String page];
            (try
               (match sth#fetch1 () with
                  | [ `Int id; `String title; `String description;
                      `Timestamp last_modified_date; `Bool has_page_css ] ->
                      FPOK (id, title, description, last_modified_date,
                            has_page_css)
                  | _ -> assert false)
             with
                 Not_found -> FPNotFound)
          )
      | Some version ->
            let sth =
              dbh#prepare_cached
                "select id, title, description, last_modified_date,
                        css is not null
                   from pages
                  where hostid = ? and id = ? and
                        (url = ? or url_deleted = ?)" in
            sth#execute [`Int hostid; `Int version;
                         `String page; `String page];
            (try
               (match sth#fetch1 () with
                  | [ `Int id; `String title; `String description;
                      `Timestamp last_modified_date; `Bool has_page_css ] ->
                      FPOK (id, title, description, last_modified_date,
                            has_page_css)
                  | _ -> assert false)
             with
                 Not_found -> FPNotFound)
  in

  (* Here we deal with the complex business of redirects and versions. *)
  (* Only allow the no_redirect and version syntax for editors. *)
  let allow_redirect, version =
    if can_edit then (
      not (q#param_true "no_redirect"),
      try Some (int_of_string (q#param "version")) with Not_found -> None
    ) else
      (true, None) in

  let rec loop page' i =
    if i > max_redirect then (
      error ~title:"Too many redirections" ~back_button:true
        q ("Too many redirects between pages.  This may happen because " ^
           "of a cycle of redirections.");
      raise CgiExit
    ) else
      match fetch_page page' version allow_redirect with
        | FPOK (pageid, title, description, last_modified_date, has_page_css)->
            make_page title description pageid last_modified_date has_page_css
              version page page'
        | FPRedirect page' ->
            loop page' (i+1)
        | FPNotFound ->
            make_404 ()
  in
  loop page 0

let () =
  register_script run