X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=handlers%2F20_edit_attachment.sh;fp=handlers%2F20_edit_attachment.sh;h=0000000000000000000000000000000000000000;hb=c2d4d148a5155b27e7573462b12476df231e23f9;hp=97a4b9df2d8825be71512714c98f6e8fbdd193cf;hpb=d5f49dcedc32f9eaa2932c0a9e9bf5ffbc92cab9;p=shellwiki

diff --git a/handlers/20_edit_attachment.sh b/handlers/20_edit_attachment.sh
deleted file mode 100755
index 97a4b9d..0000000
--- a/handlers/20_edit_attachment.sh
+++ /dev/null
@@ -1,220 +0,0 @@
-#!/bin/sh
-
-REV_ATTACHMENTS="${REV_ATTACHMENTS:-false}"
-
-if [ "${PATH_INFO##*/\[attachment\]}" ]; then
-  # Skip any action not happening on attachment page
-  return 1
-fi
-
-page="${PATH_INFO%\[attachment\]}"
-action="$(POST action)"
-
-tsid="$(POST session_key)"; tsid="${tsid%% *}"
-
-
-if ! acl_write "${PATH_INFO%\[attachment\]}"; then
-  # Deny access to write protected pages
-  printf 'Refresh: %i\r\n' 4
-  theme_error 403
-  [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] \
-  && head -c $((CONTENT_LENGTH)) >/dev/null
-  return 0
-
-elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ]; then
-  . "$_EXEC/multipart.sh"
-  multipart_cache
-
-  # Use positional parameters for filename collection
-  # The positional array is the only array available
-  # in plain posix shells, see the documentation for
-  # your shells "set" builtin for a hint to this
-  # obscure use mode
-  set --
-
-  # Validate session id from form to prevent CSRF
-  # Only validate if username is present, because no username means
-  # anonymous uploads are allowed via acl and cgilite/session.sh does not
-  # validate anonymous sessions from a multipart/formdata
-  if [ "$USER_NAME" -a "$(multipart session_id)" != "$SESSION_ID" ]; then
-    rm -- "$multipart_cachefile"
-    printf 'Refresh: %i\r\n' 4
-    theme_error 403
-    return 0
-  fi
-
-  mkdir -p "$_DATA/pages${page}#attachments/"
-  n=1; while filename=$(multipart_filename "file" "$n"); do
-    filename="$(printf %s "$filename" |tr /\\0 __)"
-    set -- "$@" "pages${page}#attachments/$filename"
-    multipart "file" "$n" >"$_DATA/pages${page}#attachments/$filename"
-    n=$((n + 1))
-  done
-  rm -- "$multipart_cachefile"
-  if [ "$REV_ATTACHMENTS" = true ]; then
-    git -C "$_DATA" add -- "$@"
-    git -C "$_DATA" commit -qm "Attachments to # $page # uploaded by @ $USER_NAME @" -- "$@"
-  fi
-  REDIRECT "${_BASE}${PATH_INFO}"
-
-elif [ "$SESSION_ID" != "$tsid" ]; then
-  # Match session key from POST-Data to prevent CSRF:
-  # For authenticated users the POST session_key must match
-  # the session key used for authentication (usually from a
-  # cookie). This should ensure that POST requests were not
-  # triggered by malicious 3rd party sites freeriding on an
-  # existing user authentication.
-  # For pages that are writable by anonymous users, this is
-  # not reliable.
-
-  printf 'Refresh: %i\r\n' 4
-  theme_error 403
-  return 0
-fi
-
-if [ "$action" = delete -o "$action" = move ]; then
-  set --
-  n="$(POST_COUNT select)"; while [ $n -gt 0 ]; do
-    select="$(POST select $n |PATH)"
-    set -- "$@" "pages${page}#attachments/${select##*/}"
-    n=$((n - 1))
-  done
-fi
-
-if [ "$action" = delete ]; then
-  if [ "$REV_ATTACHMENTS" = true ]; then
-    git -C "$_DATA" rm -- "$@"
-    git -C "$_DATA" commit -qm \
-        "Attachment to # $page # deleted by @ $USER_NAME @" -- "$@"
-  else
-    ( cd "$_DATA" && rm -- "$@"; )
-  fi
-  REDIRECT "${_BASE}${PATH_INFO}"
-
-elif [ "$action" = move ]; then
-  moveto="$(POST moveto |PATH)"
-
-  if ! acl_write "$moveto"; then
-    printf 'Refresh: %i\r\n' 4
-    theme_error 403
-    return 0
-
-  elif [ ! -d "${_DATA}/pages${moveto}" ]; then
-    printf 'Refresh: %i\r\n' 4
-    theme_error 404
-    return 0
-
-  elif [ "$REV_ATTACHMENTS" = true ]; then
-    mkdir -p -- "${_DATA}/pages${moveto}/#attachments"
-    git -C "$_DATA" mv -f -- "$@" "pages${moveto}/#attachments/"
-
-    cnt=$#; while [ $cnt -gt 0 ]; do
-      set -- "$@" "$1" "pages/${moveto}/#attachments/${1##*/}"
-      cnt=$((cnt - 1)); shift 1
-    done
-
-    git -C "$_DATA" commit -qm \
-        "Attachment moved from # $page # to # $moveto # by @ $USER_NAME @" -- "$@"
-  else
-    mkdir -p -- "${_DATA}/pages${moveto}/#attachments"
-    ( cd "$_DATA" && mv -- "$@" "pages${moveto}/#attachments/"; )
-  fi
-  REDIRECT "${_BASE}${PATH_INFO}"
-
-elif [ "$action" = rename ]; then
-  fail='' success=''
-  set --
-
-  for file in "${_DATA}/pages${page}#attachments"/*; do
-    rename="$(POST rename_"$(slopecode "${file##*/}" |sed 's;=;%3D;g')")"
-
-    if [ "$REV_ATTACHMENTS" = true -a \
-         -f "${file}" -a \
-         "$rename" -a \
-         "${rename%/*}" = "${rename}" -a \
-         ! -e "${_DATA}/pages${page}#attachments/${rename}" ] \
-       && git -C "$_DATA" mv -- "pages${page}#attachments/${file##*/}" "pages${page}#attachments/${rename}"; then
-      success="${success}$(HTML "${file##*/}/${rename}")${BR}"
-      set -- "$@" "pages${page}#attachments/${file##*/}" "pages${page}#attachments/${rename}"
-
-    elif [ "$REV_ATTACHMENTS" = true -a "${rename}" ]; then
-      fail="${fail}$(HTML "${file##*/}/${rename}")${BR}"
-
-    elif [ -f "${file}" -a \
-           "$rename" -a \
-           "${rename%/*}" = "${rename}" -a \
-           ! -e "${_DATA}/pages${page}#attachments/${rename}" ] \
-         && mv -- "${file}" "${_DATA}/pages${page}#attachments/${rename}"; then
-      success="${success}$(HTML "${file##*/}/${rename}")${BR}"
-
-    elif [ "${rename}" ]; then
-      fail="${fail}$(HTML "${file##*/}/${rename}")${BR}"
-
-    fi
-  done
-
-  if [ "$REV_ATTACHMENTS" = true -a $# -gt 2 ]; then
-    git -C "$_DATA" commit -qm \
-        "Attachment files renamed by @ $USER_NAME @" -- "$@"
-  elif [ "$REV_ATTACHMENTS" = true -a $# -eq 2 ]; then
-    git -C "$_DATA" commit -qm \
-        "Attachment file renamed by @ $USER_NAME @" -- "$@"
-  fi
-
-  if [ "$success" -a "$fail" ]; then
-    printf "%s\r\n" "Status: 500 Internal Server Error"
-    theme_page - "Attachment rename" <<-EOF
-	<h1 class="rename partial">Some files could not be renamed</h1>
-	<h2 class="rename success">Successfully renamed:</h2>
-	<ul class="rename success">
-	$(printf %s "$success" |while read html; do
-	  printf '<li><span class=from>%s</span> -&gt; <span class=to>%s</span></li>' \
-	         "${html%%/*}" "${html##*/}"
-	done)
-	</ul>
-	<h2 class="rename fail">Errors:</h2>
-	<ul class="rename fail">
-	$(printf %s "$fail" |while read html; do
-	  printf '<li><span class=from>%s</span> -&gt; <span class=to>%s</span></li>' \
-	         "${html%%/*}" "${html##*/}"
-	done)
-	</ul>
-	<a class="button rename fail" href="[attachment]">OK</a>
-	EOF
-    exit 0
-
-  elif [ "$fail" ]; then
-    printf "%s\r\n" "Status: 500 Internal Server Error"
-    theme_page - "Attachment rename" <<-EOF
-	<h1 class="rename fail">Files could not be renamed</h1>
-	<ul class="rename fail">
-	$(printf %s "$fail" |while read html; do
-	  printf '<li><span class=from>%s</span> -&gt; <span class=to>%s</span></li>' \
-	         "${html%%/*}" "${html##*/}"
-	done)
-	</ul>
-	<a class="button rename fail" href="[attachment]">OK</a>
-	EOF
-    exit 0
-
-  elif [ "$success" ]; then
-    printf 'Refresh: %i\r\n' 4
-    theme_page - "Attachment rename" <<-EOF
-	<h1 class="rename success">Files were renamed</h1>
-	<ul class="rename success">
-	$(printf %s "$success" |while read html; do
-	  printf '<li><span class=from>%s</span> -&gt; <span class=to>%s</span></li>' \
-	         "${html%%/*}" "${html##*/}"
-	done)
-	</ul>
-	<a class="button rename success" href="[attachment]">OK</a>
-	EOF
-    exit 0
-
-  else
-    REDIRECT "${_BASE}${PATH_INFO}"
-
-  fi
-fi
-
-return 1