Commit
11d215b6
authored
8 months ago
by
Jan-Hendrik Willms
check every wiki page for correct context, fixes #4585
Closes #4585 Merge request
studip/studip!3395
parent
9514cdb9
Changes
2
Showing
2 changed files
app/controllers/course/wiki.php
+56
-25
56 additions, 25 deletions
app/controllers/course/wiki.php
lib/models/WikiVersion.php
+2
-0
2 additions, 0 deletions
lib/models/WikiVersion.php
with
58 additions
and
25 deletions
app/controllers/course/wiki.php
+
56
−
25
...
...
@@ -31,6 +31,7 @@ class Course_WikiController extends AuthenticatedController
Navigation
::
activateItem
(
'/course/wiki/start'
);
$this
->
page
=
new
WikiPage
(
$page_id
);
$this
->
validateWikiPage
(
$this
->
page
,
$this
->
range
);
$sidebar
=
Sidebar
::
Get
();
if
(
!
$this
->
page
->
isReadable
())
{
...
...
@@ -176,9 +177,8 @@ class Course_WikiController extends AuthenticatedController
public
function
pagesettings_action
(
WikiPage
$page
)
{
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
$options
=
[
''
=>
_
(
'Keine'
)
];
...
...
@@ -291,9 +291,8 @@ class Course_WikiController extends AuthenticatedController
public
function
ask_deleting_action
(
WikiPage
$page
)
{
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
PageLayout
::
setTitle
(
_
(
'Was genau soll gelöscht werden?'
));
}
...
...
@@ -301,9 +300,7 @@ class Course_WikiController extends AuthenticatedController
{
CSRFProtection
::
verifyUnsafeRequest
();
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
$name
=
$page
->
name
;
$page
->
delete
();
...
...
@@ -315,9 +312,7 @@ class Course_WikiController extends AuthenticatedController
{
CSRFProtection
::
verifyUnsafeRequest
();
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
$version
=
$page
->
versions
[
0
];
if
(
$version
)
{
...
...
@@ -430,6 +425,8 @@ class Course_WikiController extends AuthenticatedController
public
function
edit_action
(
WikiPage
$page
=
null
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
if
(
$page
->
isNew
()
&&
Request
::
get
(
'keyword'
))
{
$name
=
trim
(
Request
::
get
(
'keyword'
));
$page
=
WikiPage
::
findOneBySQL
(
'`name` = :name AND `range_id` = :range_id'
,
[
...
...
@@ -446,7 +443,7 @@ class Course_WikiController extends AuthenticatedController
$this
->
redirect
(
$this
->
editURL
(
$page
));
return
;
}
if
(
$page
->
isNew
()
||
!
$page
->
isEditable
()
)
{
if
(
$page
->
isNew
())
{
throw
new
AccessDeniedException
();
}
Navigation
::
activateItem
(
'/course/wiki/start'
);
...
...
@@ -486,8 +483,10 @@ class Course_WikiController extends AuthenticatedController
public
function
apply_editing_action
(
WikiPage
$page
)
{
if
(
!
$page
->
isEditable
()
||
!
Request
::
isPost
())
{
throw
new
AccessDeniedException
();
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
if
(
!
Request
::
isPost
())
{
throw
new
MethodNotAllowedException
();
}
$user
=
User
::
findCurrent
();
$pageData
=
[
...
...
@@ -520,8 +519,10 @@ class Course_WikiController extends AuthenticatedController
public
function
cancel_apply_editing_action
(
WikiPage
$page
)
{
if
(
!
$page
->
isEditable
()
||
!
Request
::
isPost
())
{
throw
new
AccessDeniedException
();
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
if
(
!
Request
::
isPost
())
{
throw
new
MethodNotAllowedException
();
}
$user
=
User
::
findCurrent
();
$pageData
=
[
...
...
@@ -545,9 +546,8 @@ class Course_WikiController extends AuthenticatedController
public
function
leave_editing_action
(
WikiPage
$page
)
{
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
$user
=
User
::
findCurrent
();
$pageData
=
[
'page_id'
=>
$page
->
id
,
...
...
@@ -562,8 +562,10 @@ class Course_WikiController extends AuthenticatedController
public
function
delegate_edit_mode_action
(
WikiPage
$page
,
$user_id
)
{
if
(
!
$page
->
isEditable
()
||
!
Request
::
isPost
())
{
throw
new
AccessDeniedException
();
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
if
(
!
Request
::
isPost
())
{
throw
new
MethodNotAllowedException
();
}
$user
=
User
::
findCurrent
();
$pageData
=
[
...
...
@@ -607,9 +609,7 @@ class Course_WikiController extends AuthenticatedController
{
CSRFProtection
::
verifyUnsafeRequest
();
if
(
!
$page
->
isEditable
())
{
throw
new
AccessDeniedException
();
}
$this
->
validateWikiPage
(
$page
,
$this
->
range
,
true
);
$page
->
content
=
\Studip\Markup
::
markAsHtml
(
trim
(
Request
::
get
(
'content'
)));
$user
=
User
::
findCurrent
();
...
...
@@ -699,12 +699,16 @@ class Course_WikiController extends AuthenticatedController
public
function
history_action
(
WikiPage
$page
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
Navigation
::
activateItem
(
'/course/wiki/start'
);
Sidebar
::
Get
()
->
addWidget
(
$this
->
getViewsWidget
(
$this
->
page
,
'history'
));
}
public
function
version_action
(
WikiVersion
$version
)
{
$this
->
validateWikiPage
(
$version
->
page
,
$this
->
range
);
Navigation
::
activateItem
(
'/course/wiki/start'
);
Sidebar
::
Get
()
->
addWidget
(
$this
->
getViewsWidget
(
$version
->
page
,
'history'
));
$startPage
=
WikiPage
::
find
(
$this
->
range
->
getConfiguration
()
->
WIKI_STARTPAGE_ID
);
...
...
@@ -720,6 +724,8 @@ class Course_WikiController extends AuthenticatedController
public
function
blame_action
(
WikiPage
$page
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
Navigation
::
activateItem
(
'/course/wiki/start'
);
Sidebar
::
Get
()
->
addWidget
(
$this
->
getViewsWidget
(
$page
,
'blame'
));
...
...
@@ -762,6 +768,8 @@ class Course_WikiController extends AuthenticatedController
public
function
diff_action
(
WikiPage
$page
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
Navigation
::
activateItem
(
'/course/wiki/start'
);
Sidebar
::
Get
()
->
addWidget
(
$this
->
getViewsWidget
(
$page
,
'diff'
));
...
...
@@ -801,6 +809,8 @@ class Course_WikiController extends AuthenticatedController
public
function
versiondiff_action
(
WikiPage
$page
,
$version_id
=
null
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
if
(
$version_id
!==
null
)
{
$this
->
version
=
WikiVersion
::
find
(
$version_id
);
}
...
...
@@ -1003,6 +1013,8 @@ class Course_WikiController extends AuthenticatedController
public
function
searchpage_action
(
WikiPage
$page
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
if
(
!
$page
->
isReadable
())
{
throw
new
AccessDeniedException
();
}
...
...
@@ -1027,6 +1039,8 @@ class Course_WikiController extends AuthenticatedController
public
function
pdf_action
(
WikiPage
$page
)
{
$this
->
validateWikiPage
(
$page
,
$this
->
range
);
if
(
!
$page
->
isReadable
())
{
throw
new
AccessDeniedException
();
}
...
...
@@ -1303,4 +1317,21 @@ class Course_WikiController extends AuthenticatedController
}
return
implode
(
'<br>'
,
$output
);
}
private
function
validateWikiPage
(
WikiPage
$page
,
Range
$context
,
bool
$for_edit
=
false
):
void
{
if
(
!
$page
->
isNew
()
&&
$page
->
range_id
!==
$context
->
id
)
{
throw
new
Exception
(
sprintf
(
_
(
'Diese Wikiseite gehört nicht zu dieser %s'
),
$context
->
describeRange
()
));
}
if
(
$for_edit
&&
!
$page
->
isEditable
())
{
throw
new
Exception
(
_
(
'Sie dürfen diese Wikiseite nicht bearbeiten'
));
}
}
}
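Review bot: In versiondiff_action the new validateWikiPage call ties `$page` to the current course, but the `$version_id` loaded right after it with `WikiVersion::find($version_id)` is never tied to that page, so a version id belonging to a page in another context is still accepted here unless it is rejected further down, outside this hunk. Since WikiVersion exposes `page_id` (see the docblock in lib/models/WikiVersion.php), the load should be followed by `if (!$this->version || $this->version->page_id !== $page->id) { throw new AccessDeniedException(); }`. Separately, validateWikiPage throws a plain `Exception` for both the context mismatch and the not-editable case, whereas every other authorization failure in this controller throws `AccessDeniedException`; throwing the same type there keeps these denials handled the way the framework already handles the others instead of surfacing as an unexpected error.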
lib/models/WikiVersion.php
+
2
−
0
...
...
@@ -16,6 +16,8 @@
* @property string page_id database column
* @property string id alias column for user_id
* @property string last_lifesign computed column read/write
*
* @property WikiPage $page
*/
class
WikiVersion
extends
SimpleORMap
{
...
...