From 282d636f25b71ecb3c37012033d25fd10ba9c83e Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Thu, 16 Jul 2015 02:29:53 -0400 Subject: Change interwiki links to HTTPS --- conf/interwiki.conf | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/conf/interwiki.conf b/conf/interwiki.conf index 4857e27f3..3bfc2ac73 100644 --- a/conf/interwiki.conf +++ b/conf/interwiki.conf @@ -8,28 +8,29 @@ # To prevent losing your added InterWiki shortcuts after an upgrade, # you should add new ones to interwiki.local.conf -wp http://en.wikipedia.org/wiki/{NAME} -wpfr http://fr.wikipedia.org/wiki/{NAME} -wpde http://de.wikipedia.org/wiki/{NAME} -wpes http://es.wikipedia.org/wiki/{NAME} -wppl http://pl.wikipedia.org/wiki/{NAME} -wpjp http://ja.wikipedia.org/wiki/{NAME} -wpmeta http://meta.wikipedia.org/wiki/{NAME} -doku http://www.dokuwiki.org/ -dokubug http://bugs.dokuwiki.org/index.php?do=details&task_id= -rfc http://tools.ietf.org/html/rfc +wp https://en.wikipedia.org/wiki/{NAME} +wpfr https://fr.wikipedia.org/wiki/{NAME} +wpde https://de.wikipedia.org/wiki/{NAME} +wpes https://es.wikipedia.org/wiki/{NAME} +wppl https://pl.wikipedia.org/wiki/{NAME} +wpjp https://ja.wikipedia.org/wiki/{NAME} +wpmeta https://meta.wikipedia.org/wiki/{NAME} +doku https://www.dokuwiki.org/ +dokubug https://bugs.dokuwiki.org/index.php?do=details&task_id= +dokugit https://github.com/splitbrain/dokuwiki/issues/ +rfc https://tools.ietf.org/html/rfc man http://man.cx/ amazon http://www.amazon.com/exec/obidos/ASIN/{URL}/splitbrain-20/ -amazon.de http://www.amazon.de/exec/obidos/ASIN/{URL}/splitbrain-21/ -amazon.uk http://www.amazon.co.uk/exec/obidos/ASIN/ +amazon.de https://www.amazon.de/exec/obidos/ASIN/{URL}/splitbrain-21/ +amazon.uk https://www.amazon.co.uk/exec/obidos/ASIN/ paypal https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business= -phpfn http://www.php.net/{NAME} +phpfn https://www.php.net/{NAME} coral http://{HOST}.{PORT}.nyud.net:8090{PATH}?{QUERY} freecache http://freecache.org/{NAME} sb http://www.splitbrain.org/go/ skype skype:{NAME} -google.de http://www.google.de/search?q= -go http://www.google.com/search?q={URL}&btnI=lucky +google.de https://www.google.de/search?q= +go https://www.google.com/search?q={URL}&btnI=lucky user :user:{NAME} # To support VoIP/SIP/TEL links -- cgit v1.2.3 From ccee93d9d1aa20ccc91f9277983d7fa2ee34f7f9 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Thu, 16 Jul 2015 02:50:41 -0400 Subject: Unit test for interwiki URL encoding bug --- .../inc/parser/renderer_resolveinterwiki.test.php | 20 ++++++++++---------- conf/interwiki.conf | 2 +- inc/parser/renderer.php | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php index dd1ed1d3f..9cc3443eb 100644 --- a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php +++ b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php @@ -17,18 +17,18 @@ class Test_resolveInterwiki extends DokuWikiTest { $tests = array( // shortcut, reference and expected - array('wp', 'foo @+%/#txt', 'http://en.wikipedia.org/wiki/foo @+%/#txt'), - array('amazon', 'foo @+%/#txt', 'http://www.amazon.com/exec/obidos/ASIN/foo%20%40%2B%25%2F/splitbrain-20/#txt'), - array('doku', 'foo @+%/#txt', 'http://www.dokuwiki.org/foo%20%40%2B%25%2F#txt'), - array('coral', 'http://example.com:83/path/naar/?query=foo%20%40%2B%25%2F', 'http://example.com.83.nyud.net:8090/path/naar/?query=foo%20%40%2B%25%2F'), + array('wp', 'foo [\\]^`{|}~@+#%?/#txt', 'https://en.wikipedia.org/wiki/foo %7E%5B%5C%5D%5E%60%7B%7C%7D%7E@+%23%25%3F/#txt'), + array('amazon', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.amazon.com/exec/obidos/ASIN/foo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F/splitbrain-20/#txt'), + array('doku', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.dokuwiki.org/foo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F#txt'), + array('coral', 'http://example.com:83/path/naar/?query=foo%20%40%2B%25%3F%2F', 'http://example.com.83.nyud.net:8090/path/naar/?query=foo%20%40%2B%25%3F%2F'), array('scheme', 'ftp://foo @+%/#txt', 'ftp://example.com#txt'), //relative url - array('withslash', 'foo @+%/#txt', '/testfoo%20%40%2B%25%2F#txt'), - array('skype', 'foo @+%/#txt', 'skype:foo @+%/#txt'), + array('withslash', 'foo [\\]^`{|}~@+#%?/#txt', '/testfoo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F#txt'), + array('skype', 'foo [\\]^`{|}~@+#%?/#txt', 'skype:foo %7E%5B%5C%5D%5E%60%7B%7C%7D%7E@+%23%25?/#txt'), //dokuwiki id's - array('onlytext', 'foo @+%#txt', DOKU_BASE.'doku.php?id=onlytextfoo#txt'), - array('user', 'foo @+%#txt', DOKU_BASE.'doku.php?id=user:foo#txt'), - array('withquery', 'foo @+%#txt', DOKU_BASE.'doku.php?id=anyns:foo&do=edit#txt') + array('onlytext', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=onlytextfoo#txt'), + array('user', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=user:foo#txt'), + array('withquery', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=anyns:foo&do=edit#txt') ); foreach($tests as $test) { @@ -45,7 +45,7 @@ class Test_resolveInterwiki extends DokuWikiTest { $shortcut = 'nonexisting'; $reference = 'foo @+%/'; $url = $Renderer->_resolveInterWiki($shortcut, $reference); - $expected = 'http://www.google.com/search?q=foo%20%40%2B%25%2F&btnI=lucky'; + $expected = 'https://www.google.com/search?q=foo%20%40%2B%25%2F&btnI=lucky'; $this->assertEquals($expected, $url); } diff --git a/conf/interwiki.conf b/conf/interwiki.conf index 3bfc2ac73..18de535f0 100644 --- a/conf/interwiki.conf +++ b/conf/interwiki.conf @@ -20,7 +20,7 @@ dokubug https://bugs.dokuwiki.org/index.php?do=details&task_id= dokugit https://github.com/splitbrain/dokuwiki/issues/ rfc https://tools.ietf.org/html/rfc man http://man.cx/ -amazon http://www.amazon.com/exec/obidos/ASIN/{URL}/splitbrain-20/ +amazon https://www.amazon.com/exec/obidos/ASIN/{URL}/splitbrain-20/ amazon.de https://www.amazon.de/exec/obidos/ASIN/{URL}/splitbrain-21/ amazon.uk https://www.amazon.co.uk/exec/obidos/ASIN/ paypal https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business= diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index 35bdd0e3f..d5cc68367 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -806,7 +806,7 @@ class Doku_Renderer extends DokuWiki_Plugin { $url = $this->interwiki[$shortcut]; } else { // Default to Google I'm feeling lucky - $url = 'http://www.google.com/search?q={URL}&btnI=lucky'; + $url = 'https://www.google.com/search?q={URL}&btnI=lucky'; $shortcut = 'go'; } -- cgit v1.2.3 From 17e17ae257649aef67c693d01e8992ece86eabd2 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Thu, 16 Jul 2015 12:35:56 -0400 Subject: Encode unsafe characters in interwiki links. closes #1220 --- .../tests/inc/parser/renderer_resolveinterwiki.test.php | 16 ++++++++-------- inc/parser/renderer.php | 12 ++++++++++-- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php index 9cc3443eb..8379bc065 100644 --- a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php +++ b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php @@ -17,18 +17,18 @@ class Test_resolveInterwiki extends DokuWikiTest { $tests = array( // shortcut, reference and expected - array('wp', 'foo [\\]^`{|}~@+#%?/#txt', 'https://en.wikipedia.org/wiki/foo %7E%5B%5C%5D%5E%60%7B%7C%7D%7E@+%23%25%3F/#txt'), - array('amazon', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.amazon.com/exec/obidos/ASIN/foo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F/splitbrain-20/#txt'), - array('doku', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.dokuwiki.org/foo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F#txt'), + array('wp', 'foo [\\]^`{|}~@+#%?/#txt', 'https://en.wikipedia.org/wiki/foo %5B%5C%5D%5E%60%7B%7C%7D~@+%23%25?/#txt'), + array('amazon', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.amazon.com/exec/obidos/ASIN/foo%20%5B%5C%5D%5E%60%7B%7C%7D~%40%2B%23%25%3F%2F/splitbrain-20/#txt'), + array('doku', 'foo [\\]^`{|}~@+#%?/#txt', 'https://www.dokuwiki.org/foo%20%5B%5C%5D%5E%60%7B%7C%7D~%40%2B%23%25%3F%2F#txt'), array('coral', 'http://example.com:83/path/naar/?query=foo%20%40%2B%25%3F%2F', 'http://example.com.83.nyud.net:8090/path/naar/?query=foo%20%40%2B%25%3F%2F'), array('scheme', 'ftp://foo @+%/#txt', 'ftp://example.com#txt'), //relative url - array('withslash', 'foo [\\]^`{|}~@+#%?/#txt', '/testfoo%20%7E%5B%5C%5D%5E%60%7B%7C%7D%7E%40%2B%23%25%3F%2F#txt'), - array('skype', 'foo [\\]^`{|}~@+#%?/#txt', 'skype:foo %7E%5B%5C%5D%5E%60%7B%7C%7D%7E@+%23%25?/#txt'), + array('withslash', 'foo [\\]^`{|}~@+#%?/#txt', '/testfoo%20%5B%5C%5D%5E%60%7B%7C%7D~%40%2B%23%25%3F%2F#txt'), + array('skype', 'foo [\\]^`{|}~@+#%?/#txt', 'skype:foo %5B%5C%5D%5E%60%7B%7C%7D~@+%23%25?/#txt'), //dokuwiki id's - array('onlytext', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=onlytextfoo#txt'), - array('user', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=user:foo#txt'), - array('withquery', 'foo [\\]^`{|}~@+#%?/#txt', DOKU_BASE.'doku.php?id=anyns:foo&do=edit#txt') + array('onlytext', 'foo [\\]^`{|}~@+#%/#txt', DOKU_BASE.'doku.php?id=onlytextfoo#txt'), + array('user', 'foo [\\]^`{|}~@+#%/#txt', DOKU_BASE.'doku.php?id=user:foo#txt'), + array('withquery', 'foo [\\]^`{|}~@+#%/#txt', DOKU_BASE.'doku.php?id=anyns:foo&do=edit#txt') ); foreach($tests as $test) { diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index d5cc68367..d7a3faef8 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -811,13 +811,21 @@ class Doku_Renderer extends DokuWiki_Plugin { } //split into hash and url part - @list($reference, $hash) = explode('#', $reference, 2); + $hash = strrchr($reference, '#'); + if($hash) { + $reference = substr($reference, 0, -strlen($hash)); + $hash = substr($hash, 1); + } //replace placeholder if(preg_match('#\{(URL|NAME|SCHEME|HOST|PORT|PATH|QUERY)\}#', $url)) { //use placeholders $url = str_replace('{URL}', rawurlencode($reference), $url); - $url = str_replace('{NAME}', $reference, $url); + //wiki names will be cleaned next, otherwise urlencode unsafe chars + $url = str_replace('{NAME}', ($url{0} === ':') ? $reference : + preg_replace_callback('/[[\\\\\]^`{|}#%]/', function($match) { + return rawurlencode($match[0]); + }, $reference), $url); $parsed = parse_url($reference); if(!$parsed['port']) $parsed['port'] = 80; $url = str_replace('{SCHEME}', $parsed['scheme'], $url); -- cgit v1.2.3 From 0cfb5a3076f8591bdbe10f9915199b3b3863dec8 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Wed, 22 Jul 2015 22:04:09 -0400 Subject: Remove non-functioning interwiki links --- _test/tests/inc/parser/renderer_resolveinterwiki.test.php | 2 ++ conf/interwiki.conf | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php index 8379bc065..772001b99 100644 --- a/_test/tests/inc/parser/renderer_resolveinterwiki.test.php +++ b/_test/tests/inc/parser/renderer_resolveinterwiki.test.php @@ -14,6 +14,8 @@ class Test_resolveInterwiki extends DokuWikiTest { $Renderer->interwiki['withslash'] = '/test'; $Renderer->interwiki['onlytext'] = ':onlytext{NAME}'; //with {URL} double urlencoded $Renderer->interwiki['withquery'] = ':anyns:{NAME}?do=edit'; + //this was the only link with host/port/path/query. Keep it here for regression + $Renderer->interwiki['coral'] = 'http://{HOST}.{PORT}.nyud.net:8090{PATH}?{QUERY}'; $tests = array( // shortcut, reference and expected diff --git a/conf/interwiki.conf b/conf/interwiki.conf index 18de535f0..9305c038a 100644 --- a/conf/interwiki.conf +++ b/conf/interwiki.conf @@ -16,8 +16,6 @@ wppl https://pl.wikipedia.org/wiki/{NAME} wpjp https://ja.wikipedia.org/wiki/{NAME} wpmeta https://meta.wikipedia.org/wiki/{NAME} doku https://www.dokuwiki.org/ -dokubug https://bugs.dokuwiki.org/index.php?do=details&task_id= -dokugit https://github.com/splitbrain/dokuwiki/issues/ rfc https://tools.ietf.org/html/rfc man http://man.cx/ amazon https://www.amazon.com/exec/obidos/ASIN/{URL}/splitbrain-20/ @@ -25,8 +23,6 @@ amazon.de https://www.amazon.de/exec/obidos/ASIN/{URL}/splitbrain-21/ amazon.uk https://www.amazon.co.uk/exec/obidos/ASIN/ paypal https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business= phpfn https://www.php.net/{NAME} -coral http://{HOST}.{PORT}.nyud.net:8090{PATH}?{QUERY} -freecache http://freecache.org/{NAME} sb http://www.splitbrain.org/go/ skype skype:{NAME} google.de https://www.google.de/search?q= -- cgit v1.2.3 From b43568ad387384d9ae09bf4d7c0835ecbdc6b5b1 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Wed, 22 Jul 2015 22:28:09 -0400 Subject: Document all options in the interwiki config --- conf/interwiki.conf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/conf/interwiki.conf b/conf/interwiki.conf index 9305c038a..3ddcfd810 100644 --- a/conf/interwiki.conf +++ b/conf/interwiki.conf @@ -1,8 +1,16 @@ -# Each URL may contain one of the placeholders {URL} or {NAME} +# Each URL may contain one of these placeholders # {URL} is replaced by the URL encoded representation of the wikiname # this is the right thing to do in most cases # {NAME} this is replaced by the wikiname as given in the document -# no further encoding is done +# only mandatory encoded is done, urlencoding if the link +# is an external URL, or encoding as a wikiname if it is an +# internal link (begins with a colon) +# {SCHEME} +# {HOST} +# {PORT} +# {PATH} +# {QUERY} these placeholders will be replaced with the appropriate part +# of the link when parsed as a URL # If no placeholder is defined the urlencoded name is appended to the URL # To prevent losing your added InterWiki shortcuts after an upgrade, -- cgit v1.2.3 From ac1654273a44452a833628e254ee3e172386a55e Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Thu, 23 Jul 2015 13:04:45 -0400 Subject: Remove splitbrain.org interwiki link --- conf/interwiki.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/interwiki.conf b/conf/interwiki.conf index 3ddcfd810..4dc3c80ee 100644 --- a/conf/interwiki.conf +++ b/conf/interwiki.conf @@ -31,7 +31,6 @@ amazon.de https://www.amazon.de/exec/obidos/ASIN/{URL}/splitbrain-21/ amazon.uk https://www.amazon.co.uk/exec/obidos/ASIN/ paypal https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business= phpfn https://www.php.net/{NAME} -sb http://www.splitbrain.org/go/ skype skype:{NAME} google.de https://www.google.de/search?q= go https://www.google.com/search?q={URL}&btnI=lucky -- cgit v1.2.3