authorJoey Hess <joeyh@joeyh.name>2015-05-14 11:37:47 -0400
committerJoey Hess <joeyh@joeyh.name>2015-05-14 11:58:21 -0400
commitab1bba9daba5500e1b154579518369974cc6041a (patch)
treee4684113a149c92ba09fd7217c6a85d6f040d6d6 /IkiWiki
parent2a64eea0f51a431abe9c0a7c73a61f3177977790 (diff)
cloak user PII when making commits etc, and let cloaked PII be used in banned_users
This was needed due to emailauth, but I've also wrapped all IP address exposure in cloak(), although the function doesn't yet cloak IP addresses. (One IP address I didn't cloak is the one that appears on the password reset email template. That is expected to be the user's own IP address, so ok to show it to them.) Thanks to smcv for the pointer to http://xmlns.com/foaf/spec/#term_mbox_sha1sum
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/CGI.pm9
-rw-r--r--IkiWiki/Plugin/bzr.pm4
-rw-r--r--IkiWiki/Plugin/comments.pm4
-rw-r--r--IkiWiki/Plugin/cvs.pm4
-rw-r--r--IkiWiki/Plugin/darcs.pm4
-rw-r--r--IkiWiki/Plugin/git.pm2
-rw-r--r--IkiWiki/Plugin/mercurial.pm4
-rw-r--r--IkiWiki/Plugin/monotone.pm4
-rw-r--r--IkiWiki/Plugin/svn.pm4
-rw-r--r--IkiWiki/Plugin/tla.pm4
10 files changed, 23 insertions, 20 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index d801c72a0..1763828a4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -336,16 +336,19 @@ sub check_banned ($$) {
my $banned=0;
my $name=$session->param("name");
+ my $cloak=cloak($name) if defined $name;
if (defined $name &&
- grep { $name eq $_ } @{$config{banned_users}}) {
+ grep { $name eq $_ || $cloak eq $_ } @{$config{banned_users}}) {
$banned=1;
}
foreach my $b (@{$config{banned_users}}) {
if (pagespec_match("", $b,
ip => $session->remote_addr(),
- name => defined $name ? $name : "",
- )) {
+ name => defined $name ? $name : "")
+ || pagespec_match("", $b,
+ ip => cloak($session->remote_addr()),
+ name => defined $cloak ? $cloak : "")) {
$banned=1;
last;
}
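Review bot: `my $cloak=cloak($name) if defined $name;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; in a persistent interpreter the variable can keep the value from an earlier call. That matters here because the second `pagespec_match` passes `defined $cloak ? $cloak : ""`, so a session with no name could be tested against a previous user's cloaked name and banned by mistake. Declaring and assigning in one unconditional statement avoids it: `my $cloak=defined $name ? cloak($name) : undef;`. check_banned's body starts and ends outside the hunk.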
diff --git a/IkiWiki/Plugin/bzr.pm b/IkiWiki/Plugin/bzr.pm
index e2b102dee..5ec254f84 100644
--- a/IkiWiki/Plugin/bzr.pm
+++ b/IkiWiki/Plugin/bzr.pm
@@ -133,10 +133,10 @@ sub bzr_author ($) {
my $ipaddr=$session->remote_addr();
if (defined $user) {
- return IkiWiki::possibly_foolish_untaint($user);
+ return IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($user));
}
elsif (defined $ipaddr) {
- return "Anonymous from ".IkiWiki::possibly_foolish_untaint($ipaddr);
+ return "Anonymous from ".IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($ipaddr));
}
else {
return "Anonymous";
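Review bot: The `IkiWiki::cloak($ipaddr)` call in the `elsif` branch is a pass-through for now, going by the commit description ("the function doesn't yet cloak IP addresses"), so the author string still records the raw address. A short comment at the call would keep a reader from assuming the IP is already hidden, e.g. `# cloak() does not alter IP addresses yet; the raw address is still recorded`. The same applies to the remote_addr() branches in the comments, cvs, darcs, git, mercurial, monotone, svn and tla hunks. bzr_author's body starts and ends outside the hunk.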
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index eaa924e51..ad813d19d 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -466,7 +466,7 @@ sub editcomment ($$) {
my $content = "[[!comment format=$type\n";
if (defined $session->param('name')) {
- my $username = $session->param('name');
+ my $username = IkiWiki::cloak($session->param('name'));
$username =~ s/"/&quot;/g;
$content .= " username=\"$username\"\n";
}
@@ -479,7 +479,7 @@ sub editcomment ($$) {
if (!(defined $session->param('name') || defined $session->param('nickname')) &&
defined $session->remote_addr()) {
- $content .= " ip=\"".$session->remote_addr()."\"\n";
+ $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
}
if ($config{comments_allowauthor}) {
diff --git a/IkiWiki/Plugin/cvs.pm b/IkiWiki/Plugin/cvs.pm
index 841aec914..8989a26e3 100644
--- a/IkiWiki/Plugin/cvs.pm
+++ b/IkiWiki/Plugin/cvs.pm
@@ -456,12 +456,12 @@ sub commitmessage (@) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $params{message} ? ": $params{message}" : "");
}
}
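Review bot: The commit message now embeds the output of `IkiWiki::cloak()` after "web commit by" and "web commit from", and nothing in the hunk says what shape that output may take. If other code reads the user or address back out of these messages (for example when listing recent changes, which is not visible here), it has to accept the cloaked form too, particularly once cloak() starts changing IP addresses. I would add a comment above the first return such as `# cloak() output must stay parseable by whatever reads "web commit by/from" back`. The svn commitmessage hunk and the tla rcs_commit hunk build the same strings. commitmessage's body starts outside the hunk.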
diff --git a/IkiWiki/Plugin/darcs.pm b/IkiWiki/Plugin/darcs.pm
index 646f65df1..9dccd95a4 100644
--- a/IkiWiki/Plugin/darcs.pm
+++ b/IkiWiki/Plugin/darcs.pm
@@ -147,10 +147,10 @@ sub commitauthor (@) {
my $author="anon\@web";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- return $params{session}->param("name").'@web';
+ return IkiWiki::cloak($params{session}->param("name")).'@web';
}
elsif (defined $params{session}->remote_addr()) {
- return $params{session}->remote_addr().'@web';
+ return IkiWiki::cloak($params{session}->remote_addr()).'@web';
}
}
return 'anon@web';
diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm
index 75b89e476..4d48388a0 100644
--- a/IkiWiki/Plugin/git.pm
+++ b/IkiWiki/Plugin/git.pm
@@ -579,7 +579,7 @@ sub rcs_commit_helper (@) {
$u=$params{session}->remote_addr();
}
if (defined $u) {
- $u=encode_utf8($u);
+ $u=encode_utf8(IkiWiki::cloak($u));
$ENV{GIT_AUTHOR_NAME}=$u;
}
if (defined $params{session}->param("nickname")) {
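Review bot: `IkiWiki::cloak($u)` runs before `encode_utf8`, so cloak() receives a character string rather than bytes. If cloak() hashes part of its input, as the mbox_sha1sum reference in the commit description suggests, a name containing non-ASCII characters may make the digest call fail unless cloak() encodes first; that cannot be confirmed from this hunk. Either verify that cloak() copes with wide characters or record the requirement at the call, e.g. `# cloak() must accept a decoded (character) string`. rcs_commit_helper's body starts and ends outside the hunk.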
diff --git a/IkiWiki/Plugin/mercurial.pm b/IkiWiki/Plugin/mercurial.pm
index 8da4ceb07..9f0c5b721 100644
--- a/IkiWiki/Plugin/mercurial.pm
+++ b/IkiWiki/Plugin/mercurial.pm
@@ -183,10 +183,10 @@ sub rcs_commit_helper (@) {
my $user="Anonymous";
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- $user = $params{session}->param("name");
+ $user = IkiWiki::cloak($params{session}->param("name"));
}
elsif (defined $params{session}->remote_addr()) {
- $user = $params{session}->remote_addr();
+ $user = IkiWiki::cloak($params{session}->remote_addr());
}
my $nickname=$user;
diff --git a/IkiWiki/Plugin/monotone.pm b/IkiWiki/Plugin/monotone.pm
index 105627814..b0bba5661 100644
--- a/IkiWiki/Plugin/monotone.pm
+++ b/IkiWiki/Plugin/monotone.pm
@@ -310,10 +310,10 @@ sub commitauthor (@) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
- return "Web user: " . $params{session}->param("name");
+ return "Web user: " . IkiWiki::cloak($params{session}->param("name"));
}
elsif (defined $params{session}->remote_addr()) {
- return "Web IP: " . $params{session}->remote_addr();
+ return "Web IP: " . IkiWiki::cloak($params{session}->remote_addr());
}
}
return "Web: Anonymous";
diff --git a/IkiWiki/Plugin/svn.pm b/IkiWiki/Plugin/svn.pm
index fd11f2c63..c46a52dcf 100644
--- a/IkiWiki/Plugin/svn.pm
+++ b/IkiWiki/Plugin/svn.pm
@@ -147,12 +147,12 @@ sub commitmessage (@) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
return "web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $params{message} ? ": $params{message}" : "");
}
elsif (defined $params{session}->remote_addr()) {
return "web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $params{message} ? ": $params{message}" : "");
}
}
diff --git a/IkiWiki/Plugin/tla.pm b/IkiWiki/Plugin/tla.pm
index 11be248e8..c2fffbced 100644
--- a/IkiWiki/Plugin/tla.pm
+++ b/IkiWiki/Plugin/tla.pm
@@ -108,12 +108,12 @@ sub rcs_commit (@) {
if (defined $params{session}) {
if (defined $params{session}->param("name")) {
$message="web commit by ".
- $params{session}->param("name").
+ IkiWiki::cloak($params{session}->param("name")).
(length $message ? ": $message" : "");
}
elsif (defined $params{session}->remote_addr()) {
$message="web commit from ".
- $params{session}->remote_addr().
+ IkiWiki::cloak($params{session}->remote_addr()).
(length $message ? ": $message" : "");
}
}