1	# =====================================================================
     2	# wikiFilter.awk: content filtering function for wiki editable content.
     3	#
     4	# Copyright (c) 2007,2008,2009,2010 Carlo Strozzi
     5	#
     6	# This program is free software; you can redistribute it and/or modify
     7	# it under the terms of the GNU General Public License as published by
     8	# the Free Software Foundation; version 2 dated June, 1991.
     9	#
    10	# This program is distributed in the hope that it will be useful,
    11	# but WITHOUT ANY WARRANTY; without even the implied warranty of
    12	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13	# GNU General Public License for more details.
    14	#
    15	# You should have received a copy of the GNU General Public License
    16	# along with this program; if not, write to the Free Software
    17	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
    18	#
    19	# =====================================================================
    20	
    21	# =====================================================================
    22	# string wikiFilter(string content, string groupdir)
    23	# =====================================================================
    24	
    25	function wikiFilter(content,groupdir,	   value,tmp,tmp1,tmp2,a,i,j) {
    26	
    27	   value = _strip(content)
    28	
    29	   # Apply filtering for allowed [X]HTML markup, beside the
    30	   # filtering already done by either an AJAX GUI on the client
    31	   # side or by a server side parser, such as 'tw-parsewiki'.
    32	
    33	   while (sub(/<[Bb]*[Bb][Oo][Dd][Yy][^>]*>/,_NULL,value));
    34	   while (sub(/<\/[Bb]*[Bb][Oo][Dd][Yy][^>]*>/,_NULL,value));
    35	
    36	   while (sub(/<[Hh]*[Ee][Aa][Dd][^>]*>/,_NULL,value));
    37	   while (sub(/<\/[Hh]*[Ee][Aa][Dd][^>]*>/,_NULL,value));
    38	
    39	   # Caveat: currently it is not possible for the user to enter a
    40	   # <form> element in the editing textarea, or it will interefere
    41	   # with the editing form in the confirmation page, like any <form>
    42	   # embedded in an outer <form>. This can be overcome in the future
    43	   # possibly by intriducing a new (::form:) ... (:form::) CPI that
    44	   # tweaks the inner <form> in the confirmation page as appropriate.
    45	   # In fact, thanks to the new "form" attribute available for input
    46	   # fields in HTML5, it may be possible to accomplish the same result
    47	   # even without a new CPI.
    48	
    49	   if (_TNS_CMS_FILTER != "parsewiki") {
    50	
    51	      # Filtering out <script> elements can still be defeated, just think
    52	      # of this:
    53	      #
    54	      # <form>
    55	      # <input type="button" onclick=
    56	      # "alert('Are you sure you want to give us the deed to your house?')" 
    57	      # value="Confirmation Alert">
    58	      # </form>
    59	      #
    60	      # This is why on a publicly editable wiki, where clients are not
    61	      # required to authenticate or just there can be too many of them,
    62	      # we should never allow raw HTML and rather go for the "wiki" mode
    63	      # by restricting TNS_ALLOW_GUI in 'group+cf'. Conversely, on a wiki
    64	      # with only a few well-known editors we can let the latter use raw
    65	      # HTML (either directly or through a GUI), without even removing
    66	      # those <script> elements. This is now configurable with the group+cf
    67	      # option TNS_CMS_UNSAFE .
    68	      #
    69	      # See also here:
    70	      # http://www.usemod.com/cgi-bin/wiki.pl?action=browse&id=HtmlTags&oldid=RawHtml
    71	      if (_bool(ENVIRON["TNS_CMS_UNSAFE"]) != _TRUE)
    72		 gsub(/<[Ss]*[Cc][Rr][Ii][Pp][Tt][^>]*>.*<\/[Ss]*[Cc][Rr][Ii][Pp][Tt][^>]*>/,_NULL,value)
    73	   }
    74	
    75	   # A page containing only these characters is considered to be empty.
    76	   if (value ~ /^[ \t\r\n]*$/) value = _NULL
    77	
    78	   # Prevent complaints from tidy(1). Note the use of a *real* block-
    79	   # level element as a container, and not by a pseudo-block element
    80	   # such as <p> ... </p>.
    81	
    82	   else if (_bool(ENVIRON["CSA_XMLISH"]) == _TRUE && \
    83		value !~ /^(<|(\(:))/ && _TNS_CMS_FILTER != "parsewiki")
    84					value = "<span>" value "</span>"
    85	
    86	   # Thoughts on XHTML vs. HTML.
    87	   #
    88	   # The '<p>' element was probably never meant to be a block element but
    89	   # rather a void element, like <br>, <hr> and others. This is easy to
    90	   # prove by observing how a construct such as <p><p></p></p> would rise
    91	   # an exception in both HTML and XHTML, in spite of being perfectly OK
    92	   # with XML if we leave the DTD out. After having been a fan of XHTML
    93	   # for quite some time, I must admit that it is probably not such a
    94	   # brilliant idea after all, because in the end XML and HTML do not
    95	   # mix well. The only sane way to handle a '<p><p></p></p>' is to ignore
    96	   # the </p>'s altogether and only consider the <p>'s, which is what HTML
    97	   # parsers do. The best bet to try and "fix" the [X]HTML code received
    98	   # is probably to strip any closing tags related to void elements, and
    99	   # consider the result as plain HTML. This is what I do here in HTML
   100	   # mode and let the client-side HTML browser apply their own graceful
   101	   # error recovery, something that HTML parsers, unlike XHTML ones, are
   102	   # very good at.
   103	   
   104	   # See http://dev.w3.org/html5/markup/syntax.html for more
   105	   # on void elements in HTML5.
   106	   if (_bool(ENVIRON["CSA_XMLISH"]) == _FALSE) {
   107	      gsub(/<\/(area|base|br|col|command|embed|hr|img|input|link|meta|param|source)>/,_NULL,value)
   108	      gsub(/<\/p>/,_NULL,value)
   109	
   110	      # Strip also any "/>" XML-ism, unless wiki syntax.
   111	      if (_TNS_CMS_FILTER != "parsewiki") gsub(/ *\/ *>/,">",value)
   112	   }
   113	
   114	   # NOTE: the code below was meant to try and fix several TinyMCE bugs
   115	   # when working in XHTML-ish mode, but unfortunately, while it has
   116	   # proven to work in almost all cases, there are exceptions where it
   117	   # can throw mawk(1) into a loop, depending on on the input data.
   118	   # For that reason I'm leaving it commented-out. On the other hand,
   119	   # TinyMCE formatting bugs seem to be quite many, at least as of
   120	   # version v2.0.9, and I can't work around them all.
   121	
   122	   # ---------------------- begin TinyMCE buggery ----------------------
   123	   #
   124	   # More tidiness follows (experimental, we'll see). This is mostly
   125	   # done to work around incorrect code that may leak unfixed through
   126	   # some WYSIWYG editors, such as TinyMCE v2.0.9, whereby leading,
   127	   # middle and trailing "orphan" #CDATA are left unfixed.
   128	   #
   129	   # That is, "one<p>two</p>three<p>four</p>five" should be turned by the
   130	   # editor into "<p>one</p><p>two</p><p>three</p><p>four</p><p>five</p>",
   131	   # but it is not, and the backend tidy(1) will complain.
   132	   #
   133	   # Now, fixing "one<p>" and </p>five" is easy, and I'm doing it here,
   134	   # while "</p>three<p>" is much more complicated and I'm not doing it
   135	   # yet, but it is less likely to occur (unless one purposefully types
   136	   # it by hand in raw XHTML, which is unlike to occur, unless it is
   137	   # done intentionally, in which case I don't care. Note: order is
   138	   # important in the tests below. NOTE: this code seems to occasionally
   139	   # throw mawk into a loop, depending on the inout data, so I am
   140	   # leaving it commented out at the moment. Again, I cannot go after
   141	   # every single TinyMCE bug!
   142	   #
   143	   # leading "orphan" #CDATA with embedded empty tags.
   144	   #sub(/^([^<]+(<[^>]+ *\/ *>)[^<]*)+/,"<p>&</p>",value)
   145	   #
   146	   # leading "orphan" #CDATA without embedded empty tags.
   147	   #sub(/^[^<]+/,"<p>&</p>",value)	# leading "orphan" #CDATA
   148	   #
   149	   # trailing "orphan" #CDATA with embedded empty tags (this was
   150	   # the looping bit, verified on 'Ziano -> L'Economia' as it was
   151	   # on on April 7th, 2007).
   152	   #sub(/([^>]+(<[^>]+ *\/ *>)[^>]*)+$/,"<p>&</p>",value)
   153	   #
   154	   # trailing "orphan" #CDATA without embedded empty tags.
   155	   #sub(/[^>]+$/,"<p>&</p>",value)
   156	   #
   157	   # Try and fix missing </td></tr> occasionally caused by TinyMCE
   158	   # just before </table>. I'm not handling possible </tbody> here,
   159	   # but, hey, I can't work around every single TinyMCE bug!
   160	   #
   161	   #gsub(/<\/table>/,"</tr></table>",value)
   162	   #gsub(/<\/tbody>/,"</tr></tbody>",value)
   163	   #gsub(/<\/tr>[^<]*<\/tr>/,"</tr>",value)
   164	   #
   165	   #gsub(/<\/tr>/,"</td></tr>",value)
   166	   #gsub(/<\/td>[^<]*<\/td>/,"</td>",value)
   167	   #
   168	   #gsub(/<\/tbody>[^<]*<\/td><\/tr><\/table>/,"</tbody></table>",value)
   169	   #
   170	   # ------------------------ end TinyMCE buggery ----------------------
   171	
   172	   # Now try and identify either absolute or canonical URLs pointing
   173	   # at pages in this same group.
   174	
   175	   #tmp = "<a[ \\t\\r\\n]+href[ \\t\\r\\n]*=[ \\t\\r\\n]*['\"]"
   176	   #tmp = "<a[^a-z]+[^>]*[^a-z]href[^a-z=]*=[^'\"]*['\"]"
   177	
   178	   i = split(value,a,/<a[^a-z]+/)
   179	
   180	   value = a[1]
   181	
   182	   for (j=2; j<=i; j++) {
   183	
   184	       # The "\001" trick below is not to be fooled by an "href="
   185	       # other than the one at the beginning of the matched string.
   186	
   187	       sub(/href/,"\001",a[j])
   188	
   189	       # I'm only concerned with href anchors here.
   190	
   191	       #if (a[j] !~ /[^a-z]*\001[^a-z=]*=[^a-z]+(http|\/)/) {
   192	       if (a[j] !~ /[^\001]*\001[^=]*=[^a-z]+/) {
   193		  sub(/\001/," href",a[j])
   194	          value = value "<a " a[j]
   195		  continue
   196	       }
   197	
   198	       tmp2 = a[j]
   199	       sub(/[^\001]*\001[^=]*=[^'"]*['"]/,_NULL,a[j])
   200	       sub(/\001.*/,_NULL,tmp2)
   201	
   202	       sub(/\001/," href",a[j])		# revert the \001 trick.
   203	
   204	       # The URI-decoding process done by _uncgi() on the input
   205	       # editing textarea correctly turned "%27" into "'".
   206	       # Unfortunately, being the "'" character possibly usable
   207	       # as an XML attribute quoting mechanism, things may get
   208	       # screwed-up if the input textarea contains URLs with
   209	       # apostrophes, i.e.:
   210	       #
   211	       # <a href='http://host/people/O%27Brian'>#CDATA</a>
   212	       #
   213	       # In the presence of such a URL, _uncgi() would decode it
   214	       # into <a href='http://host/people/O'Brian'>#CDATA</a> and
   215	       # thus the code below would wrongly recognize that URL as
   216	       # "http://host/people/O". This would lead to consider non-existent,
   217	       # and thus marked with '?', wiki pages which in fact do exist.
   218	       # To overcome this problem I need to re-encode the "'" that was
   219	       # decoded by _uncgi() before doing the rest of the processing.
   220	       #
   221	       # Note: this is currently disabled after the changes in the
   222	       # URI-decoding process introduced with CSA v.1.1.4. Do not
   223	       # remove it though, as it still unclear whether it is needed
   224	       # or not.
   225	       #
   226	       #tmp = a[j]
   227	       #sub(/>.*/,">",tmp)
   228	       #gsub(/'[^>]/,"\001&",tmp)
   229	       #gsub(/\001'/,"%27",tmp)
   230	       #a[j] = tmp substr(a[j],index(a[j],">")+1)
   231	
   232	       # Matching criteria:
   233	       #
   234	       # 1) '$TNS_CGI_PAT/string1/string2[/...]' is considered to be
   235	       #    a page named 'string2' in group 'string1'.
   236	       #
   237	       # 2) '/string' (NOT prefixed by $TNS_CGI_PAT) is considered to be
   238	       #    an absolute path with respect to the web server document root.
   239	       #
   240	       # 3) '[./]string' is considered to be a path relative to the
   241	       #    'base href=' value, so basically a non-TW object.
   242	       #
   243	       # Different groups may require different access rights, so it
   244	       # is perferable not to expose the (non-) existence of a page in
   245	       # a different realm to a user of the current realm. Because of
   246	       # this, no attemps will be made to assess whether a link to a
   247	       # page in a different realm actually points at an existing
   248	       # resource. That is, nonexistant pages in a different group
   249	       # will not be marked as missing.
   250	
   251	       sub(/['"]/,"'",a[j])			# trailing quote.
   252	
   253	       # URLs to static objects will be left unchanged, we
   254	       # are only concerned with same-group wiki links here.
   255	
   256	       tmp = "^(" _escreg(ENVIRON["CSA_CGI_STEM"]) "|" \
   257		     _escreg(ENVIRON["CSA_RPC_URI"]) ")/" \
   258		     _escreg(ENVIRON["CSA_LANG"]) "/"
   259	
   260	       if (a[j] ~ tmp) {
   261	
   262		  tmp1 = a[j]
   263		  sub(/'.*/,_NULL,tmp1)
   264	
   265		  # Check if matching URL points at a page in the same wiki group.
   266		  sub(tmp,_NULL,tmp1)
   267		  sub(/\/.*/,_NULL,tmp1)
   268		  if (unixify(_uridecode(tmp1,_O_PATHINFO)) == groupdir)
   269						a[j] = wikiLink(a[j],groupdir)
   270	       }
   271	
   272	       # This is to make sure hyperlinks do not contain blanks,
   273	       # or the W3C validator may complain.
   274	
   275	       tmp1 = a[j]
   276	       sub(/['"].*/,_NULL,tmp1)
   277	       sub(/[^'"]+/,_NULL,a[j])
   278	       gsub(/ /,"+",tmp1)
   279	       a[j] = tmp1 a[j]
   280	
   281	       # Now spot external links and label them as such.
   282	
   283	       a[j] = "href=" a[j]
   284	       sub(/=/,"='",a[j])			# leading quote.
   285	
   286	       if (_csa("confirmed") != _TRUE) a[j] = extLink("<a " tmp2 a[j])
   287	       else {
   288		  a[j] = "<a " tmp2 a[j]
   289	
   290		  # This is currently not necessary.
   291		  #sub(/tw-extlink/," ",a[j])
   292		  #sub(/[^a-z]class=[^"']*['"] *['"]/,_NULL,a[j])
   293	       }
   294	
   295	       value = value a[j]
   296	   }
   297	
   298	   # TOC entries are sticky, i.e. the relevant tags are permanently
   299	   # translated to HTML and they are handled here as opposed than
   300	   # by '_wikicpi()'.
   301	
   302	   if (_csa("confirmed") == _TRUE) {
   303	      i = 1
   304	      tmp = ENVIRON["CSA_TIME_ISO"]
   305	      gsub(/ /,"T",tmp)
   306	      gsub(/:/,"_",tmp)
   307	      tmp = tmp "." ENVIRON["CSA_RID"]
   308	      while (sub(/\(:a:\)/,"<a id='a" tmp "." i++ "'></a>",value));
   309	   }
   310	
   311	   return value			# return the filtered content.
   312	}
   313	
   314	# EOF