From d3a240cccb1e7a163ce94cb3e0972c4e10a5c4e9 Mon Sep 17 00:00:00 2001
From: Banana
Date: Wed, 15 Jun 2011 12:46:09 +0200
Subject: [PATCH] check access via function call and not everytime the same copy&paste

---
 BUGS | 1 +
 lib/Insipid/Bookmarks.pm | 424 +++++++++++++++++++--------------------
 lib/Insipid/Main.pm | 26 +--
 lib/Insipid/Tags.pm | 10 +-
 lib/Insipid/Util.pm | 158 +++++++-------
 5 files changed, 298 insertions(+), 321 deletions(-)

diff --git a/BUGS b/BUGS
index c64d471..bb00faa 100644
--- a/BUGS
+++ b/BUGS
@@ -1,5 +1,6 @@
 === Open Bugs ===
+* Add possible even if no data is inserted !
 * Add form shown although not logged in
 * Case-sensitivity in SELECT statements with Postgres really do a number on the tag algorithms
diff --git a/lib/Insipid/Bookmarks.pm b/lib/Insipid/Bookmarks.pm
index 7f94415..25bbf52 100755
--- a/lib/Insipid/Bookmarks.pm
+++ b/lib/Insipid/Bookmarks.pm
@@ -1,214 +1,210 @@ -#!/usr/bin/perl -# -# Copyright (C) 2008 Luke Reeves -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 -# USA -# - -package Insipid::Bookmarks; - -use strict; -use warnings; - -use vars qw(@ISA @EXPORT @EXPORT_OK $icount $duplicates); -use Insipid::Config; -use Insipid::Database; -use Insipid::Schemas; -use Insipid::Sessions; -use Insipid::Tags; -use Insipid::Util; -use DBI qw/:sql_types/;; -use Date::Format; -use Date::Parse; -use CGI qw/:standard/; -use CGI::Carp qw(fatalsToBrowser); -use Digest::MD5 qw(md5 md5_hex); - -require Exporter; - -@ISA = qw(Exporter); - -@EXPORT = qw( -add_bookmark -export_bookmarks -get_bookmark_id_by_url -$icount -$duplicates -); - -sub get_bookmark_id_by_url { - my ($url) = (@_); - my $sql = "select $tbl_bookmarks.id from $tbl_bookmarks - where ($tbl_bookmarks.url = ?)"; - my $sth = $dbh->prepare($sql); - $sth->execute($url); - - my @r = $sth->fetchrow_array; - return $r[0]; -} - -sub add_bookmark { - my ($url, $title, $description, $access_level, $epoch, $tags) = (@_); - my ($sql, $sth); - - if(logged_in() ne 1) { - push(@errors, 'You have to be logged in to perform ' . 
- 'that operation.'); - return; - } - - my $md5 = md5_hex($url); - - # Check for duplicate - $sql = "select title from $tbl_bookmarks where (md5 = ?)"; - $sth = $dbh->prepare($sql); - $sth->execute($md5); - - if($sth->rows ne 0) { - $duplicates++; - return; - } - - $sql = "INSERT INTO $tbl_bookmarks - (url, md5, title, description, access_level, date) - VALUES (?, ?, ?, ?, ?, ?)"; - - if($epoch eq 0) { $epoch = time; } - $sth = $dbh->prepare($sql); - - $sth->execute($url, $md5, $title, $description, $access_level, $epoch) - or die $DBI::errstr; - - $icount++; - - set_tags(get_bookmark_id_by_url($url), $tags); -} - -sub export_bookmarks { - my ($writer) = (@_); - - my ($sql, $sth, $last_id); - - $writer->startTag("posts"); - - $sql = "select - $tbl_bookmarks.id, $tbl_bookmarks.title, - $tbl_bookmarks.date, $tbl_bookmarks.access_level, - $tbl_bookmarks.url, $tbl_tags.name - from $tbl_bookmarks - left join $tbl_bookmark_tags on - ($tbl_bookmarks.id = $tbl_bookmark_tags.bookmark_id) - left join $tbl_tags on - ($tbl_bookmark_tags.tag_id = $tbl_tags.id)"; - - $sth = $dbh->prepare($sql); - $sth->execute(); - - my ($url, $title); - my $tags = ""; - - my %last; - $last_id = -1; - my $current = 0; - my $max = $sth->rows; - - # There HAS to be a better way to do this horrible looping for tags. - while(my $hr = $sth->fetchrow_hashref) { - $current++; - - # For the first bookmark - if($last_id eq -1) { - $last_id = $hr->{'id'}; - $last{title} = $hr->{'title'}; - $last{url} = $hr->{'url'}; - $last{tags} = ""; - $last{timestamp} = $hr->{'date'}; - $last{access_level} = $hr->{'access_level'}; - } - - #if(($hr->{'id'} ne $last_id) || ($current eq $max)) { - if($hr->{'id'} ne $last_id) { - # the id changed, so show the last mark. 
- #my $url = sanitize_html($last{'url'}); - my $url = $last{'url'}; - my $title = $last{'title'}; - #my $title = sanitize_html($last{'title'}); - #$title =~ s/"/"/gi; - if(defined($last{tags})) { - if($last{tags} eq "") { - $last{tags} = "system:unfiled"; - } - } else { - $last{tags} = "system:unfiled"; - } - - if($last{url} ne "") { - my $tstr = time2str("%Y-%m-%dT%TZ", $last{timestamp}, "GMT"); - $writer->emptyTag('post', - 'access_level' => $last{access_level}, - 'href' => $url, - 'description' => $title, - 'tag' => $last{tags}, - 'time' => $tstr); - } - - # Swap the new one in. - $last_id = $hr->{'id'}; - $last{title} = $hr->{'title'}; - $last{url} = $hr->{'url'}; - $last{tags} = $hr->{'name'}; - $last{timestamp} = $hr->{'date'}; - $last{access_level} = $hr->{'access_level'}; - } else { - # Add tag to the current bookmark - if($hr->{'name'}) { - $last{tags} = "$last{tags} $hr->{'name'}"; - } - } - } - - if($last{'url'}) { - #$url = sanitize_html($last{'url'}); - #$title = sanitize_html($last{'title'}); - #$title =~ s/"/"/gi; - - $url = $last{'url'}; - $title = $last{'title'}; - - if(defined($last{tags})) { - if($last{tags} eq "") { - $last{tags} = "system:unfiled"; - } - } else { - $last{tags} = "system:unfiled"; - } - - if($last{url} ne "") { - my $tstr = time2str("%Y-%m-%dT%TZ", $last{timestamp}, "GMT"); - $writer->emptyTag('post', - 'access_level' => $last{access_level}, - 'href' => $url, - 'description' => $title, - 'tag' => $last{tags}, - 'time' => $tstr); - } - } - - $writer->endTag("posts"); -} - -1; -__END__ +#!/usr/bin/perl +# +# Copyright (C) 2008 Luke Reeves +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. 
+# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA +# + +package Insipid::Bookmarks; + +use strict; +use warnings; + +use vars qw(@ISA @EXPORT @EXPORT_OK $icount $duplicates); +use Insipid::Config; +use Insipid::Database; +use Insipid::Schemas; +use Insipid::Sessions; +use Insipid::Tags; +use Insipid::Util; +use DBI qw/:sql_types/;; +use Date::Format; +use Date::Parse; +use CGI qw/:standard/; +use CGI::Carp qw(fatalsToBrowser); +use Digest::MD5 qw(md5 md5_hex); + +require Exporter; + +@ISA = qw(Exporter); + +@EXPORT = qw( +add_bookmark +export_bookmarks +get_bookmark_id_by_url +$icount +$duplicates +); + +sub get_bookmark_id_by_url { + my ($url) = (@_); + my $sql = "select $tbl_bookmarks.id from $tbl_bookmarks + where ($tbl_bookmarks.url = ?)"; + my $sth = $dbh->prepare($sql); + $sth->execute($url); + + my @r = $sth->fetchrow_array; + return $r[0]; +} + +sub add_bookmark { + my ($url, $title, $description, $access_level, $epoch, $tags) = (@_); + my ($sql, $sth); + + check_access(); + + my $md5 = md5_hex($url); + + # Check for duplicate + $sql = "select title from $tbl_bookmarks where (md5 = ?)"; + $sth = $dbh->prepare($sql); + $sth->execute($md5); + + if($sth->rows ne 0) { + $duplicates++; + return; + } + + $sql = "INSERT INTO $tbl_bookmarks + (url, md5, title, description, access_level, date) + VALUES (?, ?, ?, ?, ?, ?)"; + + if($epoch eq 0) { $epoch = time; } + $sth = $dbh->prepare($sql); + + $sth->execute($url, $md5, $title, $description, $access_level, $epoch) + or die $DBI::errstr; + + $icount++; + + set_tags(get_bookmark_id_by_url($url), $tags); +} + +sub 
export_bookmarks { + my ($writer) = (@_); + + my ($sql, $sth, $last_id); + + $writer->startTag("posts"); + + $sql = "select + $tbl_bookmarks.id, $tbl_bookmarks.title, + $tbl_bookmarks.date, $tbl_bookmarks.access_level, + $tbl_bookmarks.url, $tbl_tags.name + from $tbl_bookmarks + left join $tbl_bookmark_tags on + ($tbl_bookmarks.id = $tbl_bookmark_tags.bookmark_id) + left join $tbl_tags on + ($tbl_bookmark_tags.tag_id = $tbl_tags.id)"; + + $sth = $dbh->prepare($sql); + $sth->execute(); + + my ($url, $title); + my $tags = ""; + + my %last; + $last_id = -1; + my $current = 0; + my $max = $sth->rows; + + # There HAS to be a better way to do this horrible looping for tags. + while(my $hr = $sth->fetchrow_hashref) { + $current++; + + # For the first bookmark + if($last_id eq -1) { + $last_id = $hr->{'id'}; + $last{title} = $hr->{'title'}; + $last{url} = $hr->{'url'}; + $last{tags} = ""; + $last{timestamp} = $hr->{'date'}; + $last{access_level} = $hr->{'access_level'}; + } + + #if(($hr->{'id'} ne $last_id) || ($current eq $max)) { + if($hr->{'id'} ne $last_id) { + # the id changed, so show the last mark. + #my $url = sanitize_html($last{'url'}); + my $url = $last{'url'}; + my $title = $last{'title'}; + #my $title = sanitize_html($last{'title'}); + #$title =~ s/"/"/gi; + if(defined($last{tags})) { + if($last{tags} eq "") { + $last{tags} = "system:unfiled"; + } + } else { + $last{tags} = "system:unfiled"; + } + + if($last{url} ne "") { + my $tstr = time2str("%Y-%m-%dT%TZ", $last{timestamp}, "GMT"); + $writer->emptyTag('post', + 'access_level' => $last{access_level}, + 'href' => $url, + 'description' => $title, + 'tag' => $last{tags}, + 'time' => $tstr); + } + + # Swap the new one in. 
+ $last_id = $hr->{'id'};
+ $last{title} = $hr->{'title'};
+ $last{url} = $hr->{'url'};
+ $last{tags} = $hr->{'name'};
+ $last{timestamp} = $hr->{'date'};
+ $last{access_level} = $hr->{'access_level'};
+ } else {
+ # Add tag to the current bookmark
+ if($hr->{'name'}) {
+ $last{tags} = "$last{tags} $hr->{'name'}";
+ }
+ }
+ }
+
+ if($last{'url'}) {
+ #$url = sanitize_html($last{'url'});
+ #$title = sanitize_html($last{'title'});
+ #$title =~ s/"/"/gi;
+
+ $url = $last{'url'};
+ $title = $last{'title'};
+
+ if(defined($last{tags})) {
+ if($last{tags} eq "") {
+ $last{tags} = "system:unfiled";
+ }
+ } else {
+ $last{tags} = "system:unfiled";
+ }
+
+ if($last{url} ne "") {
+ my $tstr = time2str("%Y-%m-%dT%TZ", $last{timestamp}, "GMT");
+ $writer->emptyTag('post',
+ 'access_level' => $last{access_level},
+ 'href' => $url,
+ 'description' => $title,
+ 'tag' => $last{tags},
+ 'time' => $tstr);
+ }
+ }
+
+ $writer->endTag("posts");
+}
+
+1;
+__END__
diff --git a/lib/Insipid/Main.pm b/lib/Insipid/Main.pm
index 6101b65..8e406a4 100755
--- a/lib/Insipid/Main.pm
+++ b/lib/Insipid/Main.pm
@@ -115,10 +115,7 @@ sub main {
 if ( defined( url_param('op') ) ) {
 if ( url_param('op') eq 'export' ) {
- if ( logged_in() ne 1 ) {
- push( @errors,"You have to be logged in to perform that operation." );
- #return;
- }
+ check_access();
 my $sn = 'n';
 if ( defined( param('snapshots') ) ) {
@@ -281,14 +278,9 @@ IFORM
 login_form();
 }
- if ( ( param('op') eq 'add_bookmark' )
- || ( param('op') eq 'edit_bookmark' ) )
- {
-
- if ( logged_in() ne 1 ) {
- push( @errors,"You have to be logged in to perform that operation." );
- #return;
- }
+ if ( (param('op') eq 'add_bookmark' ) || (param('op') eq 'edit_bookmark' )) {
+
+ check_access();
 #check to see if the url is bookmarked, then indicate that this is an edit.
 my (
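Review bot: export_bookmarks still has no access check of its own even though it is the routine that actually emits every row: its SELECT joins `$tbl_bookmarks` to the tag tables with no WHERE clause, so bookmarks of every `access_level` are written out, private ones included. The only guard visible is the `check_access()` the export branch in Main.pm performs before (presumably) calling it, which is the same scattered-caller pattern this commit sets out to remove. Since add_bookmark now opens with `check_access();`, do the same as the first statement of export_bookmarks, right after `my ($writer) = (@_);`, so that any second caller cannot dump the table unauthenticated. Separately, the whole file appears in the diff with old and new text identical apart from that one call, which looks like a line-ending or whitespace change mixed in; splitting it out would make the behavioural change reviewable.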
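Review bot: In the add/edit branch `check_access()` runs after output has already started — the `IFORM` heredoc terminator and `login_form();` directly above the branch show the page is being written — so for an anonymous request the `exit` inside check_access leaves a truncated HTML document with the plain-text message glued onto the end, instead of the `@errors` rendering the old code fed. This is still fail-closed, which is the important part (the removed `#return;` meant the operation went ahead after logging the error), but the user-visible result is a broken page. Consider evaluating `logged_in()` once in this handler before the first `print` and skipping both the form and this branch when it is false; BUGS already lists "Add form shown although not logged in", so one gate would close that entry as well. The enclosing `main` body starts and ends outside the hunk.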
@@ -845,10 +837,7 @@ sub delete_bookmark {
 my ($id) = (@_);
 my ( $sql, $sth, $md5 ) = ( "", "", "" );
- if ( logged_in() ne 1 ) {
- push( @errors, "You have to be logged in to perform that operation." );
- return;
- }
+ check_access();
 # Check for cached version to delete.
 $sql = "select $tbl_pagecache.md5 from $tbl_pagecache
@@ -1222,10 +1211,7 @@ sub get_bookmark {
 sub update_bookmark {
 my ( $id, $url, $title, $description, $access_level, $tags ) = (@_);
- if ( logged_in() ne 1 ) {
- push( @errors, "You have to be logged in to perform that operation." );
- return;
- }
+ check_access();
 my $sql = "update $tbl_bookmarks set url = ?, md5 = ?, title = ?, description = ?,
diff --git a/lib/Insipid/Tags.pm b/lib/Insipid/Tags.pm
index 995b880..e15cdc1 100755
--- a/lib/Insipid/Tags.pm
+++ b/lib/Insipid/Tags.pm
@@ -45,10 +45,7 @@ tag_operations
 sub tag_operations {
- if(logged_in() ne 1) {
- push(@errors, "You have to be logged in to perform that operation.");
- return;
- }
+ check_access();
 if(param('save') && param('newName')) { print '

Reanming...

';
@@ -257,10 +254,7 @@ sub get_tags_list {
 sub set_tags {
 my ($bookmark_id, $tag_string) = (@_);
- if(logged_in() ne 1) {
- push(@errors, "You have to be logged in to perform that operation.");
- return;
- }
+ check_access();
 my @tags = split(" ", $tag_string);
diff --git a/lib/Insipid/Util.pm b/lib/Insipid/Util.pm
index 3072dfd..d78a013 100755
--- a/lib/Insipid/Util.pm
+++ b/lib/Insipid/Util.pm
@@ -1,79 +1,79 @@ -#!/usr/bin/perl -# -# Copyright (C) 2008 Luke Reeves -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 -# USA -# - -package Insipid::Util; - -use strict; -use warnings; - -use vars qw(@ISA @EXPORT @EXPORT_OK); - -use Insipid::Sessions; -use Insipid::Config; - -require Exporter; - -@ISA = qw(Exporter); - -@EXPORT = qw( -ims_time -sanitize_html -check_access -); - -@EXPORT_OK = qw(); - -my @DoW = qw(Sun Mon Tue Wed Thu Fri Sat); -my @MoY = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec); - -# TODO: If content is already sent, add the error to @errors instead of dying -sub check_access { - if(logged_in() ne 1) { - print "Content-Type: text/plain\r\n\r\n"; - print "You have to be logged in to perform that operation."; - exit; - } -} - -sub sanitize_html { - my ($orig) = (@_); - - $orig =~ s//>/gi; - - $orig =~ s/&/&/gi; - $orig =~ s/&/&/gi; - - return $orig; -} - - -# From http::date -sub ims_time { - my ($time) = (@_); - my ($sec, $min, $hour, $mday, $mon, $year, $wday) = gmtime($time); - return sprintf("%s, %02d %s %04d %02d:%02d:%02d GMT", - $DoW[$wday], - $mday, $MoY[$mon], $year+1900, - $hour, $min, $sec); -} - -1; -__END__ +#!/usr/bin/perl +# +# Copyright (C) 2008 Luke Reeves +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General 
Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA +# + +package Insipid::Util; + +use strict; +use warnings; + +use vars qw(@ISA @EXPORT @EXPORT_OK); + +use Insipid::Sessions; +use Insipid::Config; + +require Exporter; + +@ISA = qw(Exporter); + +@EXPORT = qw( +ims_time +sanitize_html +check_access +); + +@EXPORT_OK = qw(); + +my @DoW = qw(Sun Mon Tue Wed Thu Fri Sat); +my @MoY = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec); + +# TODO: If content is already sent, add the error to @errors instead of dying +sub check_access { + if(logged_in() ne 1) { + #print "Content-Type: text/plain\r\n\r\n"; + print "You have to be logged in to perform that operation."; + exit; + } +} + +sub sanitize_html { + my ($orig) = (@_); + + $orig =~ s//>/gi; + + $orig =~ s/&/&/gi; + $orig =~ s/&/&/gi; + + return $orig; +} + + +# From http::date +sub ims_time { + my ($time) = (@_); + my ($sec, $min, $hour, $mday, $mon, $year, $wday) = gmtime($time); + return sprintf("%s, %02d %s %04d %02d:%02d:%02d GMT", + $DoW[$wday], + $mday, $MoY[$mon], $year+1900, + $hour, $min, $sec); +} + +1; +__END__ -- 2.39.5
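Review bot: Commenting out the `Content-Type` line in check_access makes the response shape depend on whether the caller has already sent headers, and nothing in this file records which callers have: when none were sent, the script's output now begins with the message text, which a CGI-hosting server will typically reject as a malformed header, so the user sees a server error rather than the message. That is still fail-closed — the important property, given that check_access now replaces inline checks whose `return` was sometimes commented out — but the TODO above the sub has become the actual behaviour rather than a future improvement. A small way to get both cases right is to let the caller say whether headers already went out and default to printing them, so existing `check_access()` calls keep working; the rewritten sub is below. Unrelated to this change, the substitution patterns in sanitize_html appear garbled in this rendering (`s//>/gi`) and cannot be reviewed from here.
```perl
sub check_access {
    my ($headers_sent) = @_;    # pass a true value once the caller has printed the header
    if (logged_in() ne 1) {
        print "Content-Type: text/plain\r\n\r\n" unless $headers_sent;
        print "You have to be logged in to perform that operation.";
        exit;
    }
}
```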