#!/usr/bin/perl -wT
#
# TWiki WikiClone (see wiki.pm for $wikiversion and other info)
#
# Based on parts of Ward Cunninghams original Wiki and JosWiki.
# Copyright (C) 1998 Markus Peter - SPiN GmbH (warpi@spin.de)
# Some changes by Dave Harris (drh@bhresearch.co.uk) incorporated
# Copyright (C) 1999-2000 Peter Thoeny, peter@thoeny.com
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details, published at 
# http://www.gnu.org/copyleft/gpl.html
# 
# CN 28 Feb 2002
# this save script can be invoked with "action" var being:
# Save - save the topic, go back to view mode
# QuietSave - save but do not email people on notification list
# Preview - preview the page the old way
# Checkpoint - save and re-edit immediately
# Cancel - cancel edit, release lock
#
# http://twiki.org/cgi-bin/view/Codev/SavemultiCgiScript
#
# 2004 July 05, matt wilkie 
# - updated to work with twiki beta 2004 May 07


#use strict;

BEGIN {
    # Set default current working directory (needed for mod_perl)
    if( $ENV{"SCRIPT_FILENAME"} && $ENV{"SCRIPT_FILENAME"} =~ /^(.+)\/[^\/]+$/ ) {
        chdir $1;
    }
    # Set library paths in @INC, at compile time
    unshift @INC, '.';
    require 'setlib.cfg';
}

use CGI::Carp qw(fatalsToBrowser);
use CGI;
use TWiki;


$query= new CGI;

&main();

sub main
{
    my $thePathInfo = $query->path_info(); 
    my $theRemoteUser = $query->remote_user();
    my $theTopic = $query->param( 'topic' );
    my $theUrl = $query->url;
    my $saveaction = $query->param( 'action' );

    ( $topic, $webName, $dummy, $userName ) = 
	&TWiki::initialize( $thePathInfo, $theRemoteUser, $theTopic, $theUrl, $query );
    $dummy = "";  # to suppress warning	

    my $wikiUserName = &TWiki::userToWikiName( $userName );

    if( ! &TWiki::Store::webExists( $webName ) ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsnoweb" );
        TWiki::redirect( $query, $url );
        return;
    }

    my( $mirrorSiteName, $mirrorViewURL ) = &TWiki::readOnlyMirrorWeb( $webName );
    if( $mirrorSiteName ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsmirror", $mirrorSiteName, $mirrorViewURL );
        print $query->redirect( $url );
        return;
    }

    # check access permission
    if( ! &TWiki::Access::checkAccessPermission( "change", $wikiUserName, "", $topic, $webName ) ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccesschange" );
        TWiki::redirect( $query, $url );
        return;
    }

    # check permission for undocumented cmd=... parameter
    my $saveCmd = $query->param( "cmd" ) || "";
    if( ( $saveCmd ) &&
        ( ! &TWiki::Access::userIsInGroup( $wikiUserName, $TWiki::superAdminGroup ) ) ) {
        # user has no permission to execute undocumented cmd=... parameter
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessgroup", "$TWiki::mainWebname.$TWiki::superAdminGroup" );
        TWiki::redirect( $query, $url );
        return;
    }

    # get text and other parameters
    my $text = $query->param( "text" );
    my $unlock = $query->param( "unlock" ) || "on";
    my $dontNotify = $query->param( "dontnotify" ) || "";
    if ( $saveaction eq "Checkpoint" ) {
      $dontNotify = "checked";
      $unlock = "";
    } elsif ( $saveaction eq "QuietSave" ) {
      $dontNotify = "checked";
    } elsif ( $saveaction eq "Cancel" ) {
      my $viewURL = &TWiki::getScriptUrl( $webName, $topic, "view" );
      TWiki::redirect( $query, "$viewURL?unlock=on" );
      return;
    }

    # PTh 06 Nov 2000: check if proper use of save script
    if( ! ( defined $text ) ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopssave" );
        TWiki::redirect( $query, $url );
        return;
    } elsif( ! $text ) {
        # empty topic not allowed
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsempty" );
        print $query->redirect( $url );
        return;
    }

    my $changeform = $query->param( 'submitChangeForm' ) || "";
    if( $changeform ) {
        &TWiki::Form::changeForm( $webName, $topic, $query );
        return;
    }

    # CN implementation of Preview as a button
    if( $saveaction eq "Preview" ) {
      &preview();
      return;
    }
    
    $text = &TWiki::Render::decodeSpecialChars( $text );
    $text =~ s/ {3}/\t/go;

    my $meta = "";
    if( $saveCmd eq "repRev" ) {
        $text =~ s/%__(.)__%/%_$1_%/go;
	( $meta, $text ) = &TWiki::Store::_extractMetaData( $webName, $topic, $text );
    } else {
        # normal case: Get latest attachment from file for preview
        my $tmp;
        ( $meta, $tmp ) = &TWiki::Store::readTopic( $webName, $topic );
        
	# parent setting
	my $theParent = $query->param( 'topicparent' ) || "";
	if( $theParent ) {
	    $meta->put( "TOPICPARENT", ( "name" => $theParent ) );
	}
        
	my $formTemplate = $query->param( "formtemplate" );
	if( $formTemplate ) {
	   $meta->remove( "FORM" );
	   $meta->put( "FORM", ( name => $formTemplate ) ) if( $formTemplate ne "none" );
	}

        &TWiki::Form::fieldVars2Meta( $webName, $query, $meta );
    }


    my $error = &TWiki::Store::saveTopic( $webName, $topic, $text, $meta, $saveCmd, $unlock, $dontNotify );
    if( $error ) {
        # S. Knutson 30 Nov 2000: error happened (probably from RCS), show it
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopssaveerr", $error );
        TWiki::redirect( $query, $url );
    } else {
      if( $saveaction eq "Checkpoint" ) {
        my $editURL = &TWiki::getScriptUrl( $webName, $topic, "edit" );
        my $randompart = &randomURL();
	TWiki::redirect( $query, "$editURL|$randompart" );
      } else {
        TWiki::redirect( $query, &TWiki::getViewUrl( $webName, $topic ) );
      }
    }
}

## CN 28 feb 2002 - Preview code, copied/adapted from preview script
sub preview
{
    my $tmpl = ""; 
    my $ptext = "";
    my $meta = "";
    my $formFields = "";

    # reset lock time, this is to prevent contention in case of a long edit session
    &TWiki::Store::lockTopic( $topic );

    my $skin = $query->param( "skin" ) || &TWiki::Prefs::getPreferencesValue( "SKIN" );

    # Is user looking to change the form used?  Sits oddly in preview, but to avoid Javascript and pick
    # up text on edit page it has to be in preview.
    my $changeform = $query->param( 'submitChangeForm' ) || "";
    if( $changeform ) {
        &TWiki::Form::changeForm( $webName, $topic, $query );
        return;
    }

    # get view template, standard view or a view with a different skin
    $tmpl = &TWiki::Store::readTemplate( "preview", $skin );
    my $dontNotify = $query->param( "dontnotify" ) || "";
    $tmpl =~ s/%DONTNOTIFY%/$dontNotify/go;
    my $saveCmd = $query->param( "cmd" ) || "";
    if( $saveCmd ) {
        if( ! &TWiki::Access::userIsInGroup( $wikiUserName, $TWiki::superAdminGroup ) ) {
            # user has no permission to execute undocumented cmd=... parameter
            my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessgroup", "$TWiki::mainWebname.$TWiki::superAdminGroup" );
            TWiki::redirect( $query, $url );
            return;
        }
        $tmpl =~ s/\(preview\)/\(preview cmd=$saveCmd\)/go;
    }
    $tmpl =~ s/%CMD%/$saveCmd/go;
    
    if( $saveCmd ne "repRev" ) {
        my $dummy = "";
        ( $meta, $dummy ) = &TWiki::Store::readTopic( $webName, $topic );
        
	# parent setting
	my $theParent = $query->param( 'topicparent' ) || "";
	if( $theParent ) {
	    $tmpl =~ s/%TOPICPARENT%/$theParent/go;
	    $meta->put( "TOPICPARENT", ( "name" => $theParent ) );
	}
	$tmpl =~ s/%TOPICPARENT%/$theParent/;

	my $formTemplate = $query->param( "formtemplate" );
	if( $formTemplate ) {
	   $meta->remove( "FORM" );
	   $meta->put( "FORM", ( name => $formTemplate ) ) if( $formTemplate ne "none" );
	   $tmpl =~ s/%FORMTEMPLATE%/$formTemplate/go;
	} else {
	   $tmpl =~ s/%FORMTEMPLATE%//go;
	}

        # get the edited text and combine text, form and attachments for preview
        &TWiki::Form::fieldVars2Meta( $webName, $query, $meta );
        $text = $query->param( "text" );
        if( ! $text ) {
            # empty topic not allowed
            my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsempty" );
            print $query->redirect( $url );
            return;
        }
        $ptext = $text;
        
	if( $meta->count( "FORM" ) ) {
	   $formFields = &TWiki::Form::getFieldParams( $meta );
	}
    } else {
        $text = $query->param( "text" ); # text to save
        ( $meta, $ptext ) = &TWiki::Store::_extractMetaData( $webName, $topic, $text );
        $text =~ s/%_(.)_%/%__$1__%/go;
    }

    $ptext =~ s/ {3}/\t/go;
    $ptext = &TWiki::handleCommonTags( $ptext, $topic );
    $ptext = &TWiki::Render::getRenderedVersion( $ptext );

    # do not allow click on link before save:
    $ptext =~ s@(href=".*?")@href="%SCRIPTURLPATH%/oops%SCRIPTSUFFIX%/%WEB%/%TOPIC%\?template=oopspreview"@goi;
    $ptext = &TWiki::handleCommonTags( $ptext, $topic );

    $tmpl = &TWiki::handleCommonTags( $tmpl, $topic );
    $tmpl = &TWiki::handleMetaTags( $webName, $topic, $tmpl, $meta );
    $tmpl = &TWiki::Render::getRenderedVersion( $tmpl );
    $tmpl =~ s/%TEXT%/$ptext/go;
    
    $text = &TWiki::Render::encodeSpecialChars( $text );

    $tmpl =~ s/%HIDDENTEXT%/$text/go;
    $tmpl =~ s/%FORMFIELDS%/$formFields/go;
    $tmpl =~ s|( ?) *</*nop/*>\n?|$1|gois;   # remove <nop> tags (PTh 06 Nov 2000)

    &TWiki::writeHeader( $query );
    print $tmpl;
}


## Random URL:
# returns 4 random bytes in 0x01-0x1f range in %xx form
# =========================
sub randomURL
{
  my (@hc) = (qw (01 02 03 04 05 06 07 08 09 0b 0c 0d 0e 0f 10
		  11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f));
  #  srand; # needed only for perl < 5.004
  return "%$hc[rand(30)]%$hc[rand(30)]%$hc[rand(30)]%$hc[rand(30)]";
}