]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/CGI.pm
web commit from 83.222.23.243: poll vote (Accept only password logins)
[git.ikiwiki.info.git] / IkiWiki / CGI.pm
1 #!/usr/bin/perl
3 use warnings;
4 use strict;
5 use IkiWiki;
6 use IkiWiki::UserInfo;
7 use open qw{:utf8 :std};
8 use Encode;
10 package IkiWiki;
12 sub printheader ($) { #{{{
13         my $session=shift;
14         
15         if ($config{sslcookie}) {
16                 print $session->header(-charset => 'utf-8',
17                         -cookie => $session->cookie(-secure => 1));
18         } else {
19                 print $session->header(-charset => 'utf-8');
20         }
22 } #}}}
23         
24 sub showform ($$$$) { #{{{
25         my $form=shift;
26         my $buttons=shift;
27         my $session=shift;
28         my $cgi=shift;
30         if (exists $hooks{formbuilder}) {
31                 run_hooks(formbuilder => sub {
32                         shift->(form => $form, cgi => $cgi, session => $session,
33                                 buttons => $buttons);
34                 });
35         }
36         else {
37                 printheader($session);
38                 print misctemplate($form->title, $form->render(submit => $buttons));
39         }
40 }
42 sub redirect ($$) { #{{{
43         my $q=shift;
44         my $url=shift;
45         if (! $config{w3mmode}) {
46                 print $q->redirect($url);
47         }
48         else {
49                 print "Content-type: text/plain\n";
50                 print "W3m-control: GOTO $url\n\n";
51         }
52 } #}}}
54 sub check_canedit ($$$;$) { #{{{
55         my $page=shift;
56         my $q=shift;
57         my $session=shift;
58         my $nonfatal=shift;
59         
60         my $canedit;
61         run_hooks(canedit => sub {
62                 return if defined $canedit;
63                 my $ret=shift->($page, $q, $session);
64                 if (defined $ret && $ret eq "") {
65                         $canedit=1;
66                 }
67                 elsif (defined $ret) {
68                         $canedit=0;
69                         error($ret) unless $nonfatal;
70                 }
71         });
72         return $canedit;
73 } #}}}
75 sub decode_form_utf8 ($) { #{{{
76         my $form = shift;
77         foreach my $f ($form->field) {
78                 next if Encode::is_utf8(scalar $form->field($f));
79                 $form->field(name  => $f,
80                              value => decode_utf8($form->field($f)),
81                              force => 1,
82                             );
83         }
84 } #}}}
86 sub cgi_recentchanges ($) { #{{{
87         my $q=shift;
88         
89         # Optimisation: building recentchanges means calculating lots of
90         # links. Memoizing htmllink speeds it up a lot (can't be memoized
91         # during page builds as the return values may change, but they
92         # won't here.)
93         eval q{use Memoize};
94         error($@) if $@;
95         memoize("htmllink");
97         eval q{use Time::Duration};
98         error($@) if $@;
100         my $changelog=[rcs_recentchanges(100)];
101         foreach my $change (@$changelog) {
102                 $change->{when} = concise(ago($change->{when}));
104                 $change->{user} = userlink($change->{user});
106                 my $is_excess = exists $change->{pages}[10]; # limit pages to first 10
107                 delete @{$change->{pages}}[10 .. @{$change->{pages}}] if $is_excess;
108                 $change->{pages} = [
109                         map {
110                                 $_->{link} = htmllink("", "", $_->{page},
111                                         noimageinline => 1,
112                                         linktext => pagetitle($_->{page}));
113                                 $_;
114                         } @{$change->{pages}}
115                 ];
116                 push @{$change->{pages}}, { link => '...' } if $is_excess;
117         }
119         my $template=template("recentchanges.tmpl"); 
120         $template->param(
121                 title => "RecentChanges",
122                 indexlink => indexlink(),
123                 wikiname => $config{wikiname},
124                 changelog => $changelog,
125                 baseurl => baseurl(),
126         );
127         run_hooks(pagetemplate => sub {
128                 shift->(page => "", destpage => "", template => $template);
129         });
130         print $q->header(-charset => 'utf-8'), $template->output;
131 } #}}}
133 # Check if the user is signed in. If not, redirect to the signin form and
134 # save their place to return to later.
135 sub needsignin ($$) { #{{{
136         my $q=shift;
137         my $session=shift;
139         if (! defined $session->param("name") ||
140             ! userinfo_get($session->param("name"), "regdate")) {
141                 if (! defined $session->param("postsignin")) {
142                         $session->param(postsignin => $ENV{QUERY_STRING});
143                 }
144                 cgi_signin($q, $session);
145                 cgi_savesession($session);
146                 exit;
147         }
148 } #}}}  
150 sub cgi_signin ($$) { #{{{
151         my $q=shift;
152         my $session=shift;
154         eval q{use CGI::FormBuilder};
155         error($@) if $@;
156         my $form = CGI::FormBuilder->new(
157                 title => "signin",
158                 name => "signin",
159                 charset => "utf-8",
160                 method => 'POST',
161                 required => 'NONE',
162                 javascript => 0,
163                 params => $q,
164                 action => $config{cgiurl},
165                 header => 0,
166                 template => {type => 'div'},
167                 stylesheet => baseurl()."style.css",
168         );
169         my $buttons=["Login"];
170         
171         if ($q->param("do") ne "signin" && !$form->submitted) {
172                 $form->text(gettext("You need to log in first."));
173         }
174         $form->field(name => "do", type => "hidden", value => "signin",
175                 force => 1);
176         
177         decode_form_utf8($form);
178         
179         run_hooks(formbuilder_setup => sub {
180                 shift->(form => $form, cgi => $q, session => $session,
181                         buttons => $buttons);
182         });
184         if ($form->submitted) {
185                 $form->validate;
186         }
188         showform($form, $buttons, $session, $q);
189 } #}}}
191 sub cgi_postsignin ($$) { #{{{
192         my $q=shift;
193         my $session=shift;
194         
195         # Continue with whatever was being done before the signin process.
196         if (defined $session->param("postsignin")) {
197                 my $postsignin=CGI->new($session->param("postsignin"));
198                 $session->clear("postsignin");
199                 cgi($postsignin, $session);
200                 cgi_savesession($session);
201                 exit;
202         }
203         else {
204                 # This can occur, for example, if a user went to the signin
205                 # url via a bookmark.
206                 redirect($q, $config{url});
207         }
208 } #}}}
210 sub cgi_prefs ($$) { #{{{
211         my $q=shift;
212         my $session=shift;
214         needsignin($q, $session);
216         eval q{use CGI::FormBuilder};
217         error($@) if $@;
218         my $form = CGI::FormBuilder->new(
219                 title => "preferences",
220                 name => "preferences",
221                 header => 0,
222                 charset => "utf-8",
223                 method => 'POST',
224                 validate => {
225                         email => 'EMAIL',
226                 },
227                 required => 'NONE',
228                 javascript => 0,
229                 params => $q,
230                 action => $config{cgiurl},
231                 template => {type => 'div'},
232                 stylesheet => baseurl()."style.css",
233                 fieldsets => [
234                         [login => gettext("Login")],
235                         [preferences => gettext("Preferences")],
236                         [admin => gettext("Admin")]
237                 ],
238         );
239         my $buttons=["Save Preferences", "Logout", "Cancel"];
241         decode_form_utf8($form);
243         run_hooks(formbuilder_setup => sub {
244                 shift->(form => $form, cgi => $q, session => $session,
245                         buttons => $buttons);
246         });
247         
248         $form->field(name => "do", type => "hidden");
249         $form->field(name => "email", size => 50, fieldset => "preferences");
250         $form->field(name => "subscriptions", size => 50,
251                 fieldset => "preferences",
252                 comment => "(".htmllink("", "", "PageSpec", noimageinline => 1).")");
253         $form->field(name => "banned_users", size => 50,
254                 fieldset => "admin");
255         
256         my $user_name=$session->param("name");
257         if (! is_admin($user_name)) {
258                 $form->field(name => "banned_users", type => "hidden");
259         }
261         if (! $form->submitted) {
262                 $form->field(name => "email", force => 1,
263                         value => userinfo_get($user_name, "email"));
264                 $form->field(name => "subscriptions", force => 1,
265                         value => userinfo_get($user_name, "subscriptions"));
266                 if (is_admin($user_name)) {
267                         $form->field(name => "banned_users", force => 1,
268                                 value => join(" ", get_banned_users()));
269                 }
270         }
271         
272         if ($form->submitted eq 'Logout') {
273                 $session->delete();
274                 redirect($q, $config{url});
275                 return;
276         }
277         elsif ($form->submitted eq 'Cancel') {
278                 redirect($q, $config{url});
279                 return;
280         }
281         elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
282                 foreach my $field (qw(email subscriptions)) {
283                         if (defined $form->field($field) && length $form->field($field)) {
284                                 userinfo_set($user_name, $field, $form->field($field)) ||
285                                         error("failed to set $field");
286                         }
287                 }
288                 if (is_admin($user_name)) {
289                         set_banned_users(grep { ! is_admin($_) }
290                                         split(' ',
291                                                 $form->field("banned_users"))) ||
292                                 error("failed saving changes");
293                 }
294                 $form->text(gettext("Preferences saved."));
295         }
296         
297         showform($form, $buttons, $session, $q);
298 } #}}}
300 sub cgi_editpage ($$) { #{{{
301         my $q=shift;
302         my $session=shift;
304         my @fields=qw(do rcsinfo subpage from page type editcontent comments);
305         my @buttons=("Save Page", "Preview", "Cancel");
306         
307         eval q{use CGI::FormBuilder};
308         error($@) if $@;
309         my $form = CGI::FormBuilder->new(
310                 title => "editpage",
311                 fields => \@fields,
312                 charset => "utf-8",
313                 method => 'POST',
314                 validate => {
315                         editcontent => '/.+/',
316                 },
317                 required => [qw{editcontent}],
318                 javascript => 0,
319                 params => $q,
320                 action => $config{cgiurl},
321                 header => 0,
322                 table => 0,
323                 template => scalar template_params("editpage.tmpl"),
324                 wikiname => $config{wikiname},
325         );
326         
327         decode_form_utf8($form);
328         
329         run_hooks(formbuilder_setup => sub {
330                 shift->(form => $form, cgi => $q, session => $session,
331                         buttons => \@buttons);
332         });
333         
334         # This untaint is safe because titlepage removes any problematic
335         # characters.
336         my ($page)=$form->field('page');
337         $page=titlepage(possibly_foolish_untaint($page));
338         if (! defined $page || ! length $page ||
339             file_pruned($page, $config{srcdir}) || $page=~/^\//) {
340                 error("bad page name");
341         }
342         
343         my $from;
344         if (defined $form->field('from')) {
345                 ($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
346         }
347         
348         my $file;
349         my $type;
350         if (exists $pagesources{$page} && $form->field("do") ne "create") {
351                 $file=$pagesources{$page};
352                 $type=pagetype($file);
353                 if (! defined $type) {
354                         error(sprintf(gettext("%s is not an editable page"), $page));
355                 }
356                 if (! $form->submitted) {
357                         $form->field(name => "rcsinfo",
358                                 value => rcs_prepedit($file), force => 1);
359                 }
360         }
361         else {
362                 $type=$form->param('type');
363                 if (defined $type && length $type && $hooks{htmlize}{$type}) {
364                         $type=possibly_foolish_untaint($type);
365                 }
366                 elsif (defined $from) {
367                         # favor the type of linking page
368                         $type=pagetype($pagesources{$from});
369                 }
370                 $type=$config{default_pageext} unless defined $type;
371                 $file=$page.".".$type;
372                 if (! $form->submitted) {
373                         $form->field(name => "rcsinfo", value => "", force => 1);
374                 }
375         }
377         $form->field(name => "do", type => 'hidden');
378         $form->field(name => "from", type => 'hidden');
379         $form->field(name => "rcsinfo", type => 'hidden');
380         $form->field(name => "subpage", type => 'hidden');
381         $form->field(name => "page", value => pagetitle($page, 1), force => 1);
382         $form->field(name => "type", value => $type, force => 1);
383         $form->field(name => "comments", type => "text", size => 80);
384         $form->field(name => "editcontent", type => "textarea", rows => 20,
385                 cols => 80);
386         $form->tmpl_param("can_commit", $config{rcs});
387         $form->tmpl_param("indexlink", indexlink());
388         $form->tmpl_param("helponformattinglink",
389                 htmllink("", "", "HelpOnFormatting", noimageinline => 1));
390         $form->tmpl_param("baseurl", baseurl());
391         
392         if ($form->submitted eq "Cancel") {
393                 if ($form->field("do") eq "create" && defined $from) {
394                         redirect($q, "$config{url}/".htmlpage($from));
395                 }
396                 elsif ($form->field("do") eq "create") {
397                         redirect($q, $config{url});
398                 }
399                 else {
400                         redirect($q, "$config{url}/".htmlpage($page));
401                 }
402                 return;
403         }
404         elsif ($form->submitted eq "Preview") {
405                 my $content=$form->field('editcontent');
406                 run_hooks(editcontent => sub {
407                         $content=shift->(
408                                 content => $content,
409                                 page => $page,
410                                 cgi => $q,
411                                 session => $session,
412                         );
413                 });
414                 $form->tmpl_param("page_preview",
415                         htmlize($page, $type,
416                         linkify($page, "",
417                         preprocess($page, $page,
418                         filter($page, $page, $content), 0, 1))));
419         }
420         elsif ($form->submitted eq "Save Page") {
421                 $form->tmpl_param("page_preview", "");
422         }
423         $form->tmpl_param("page_conflict", "");
424         
425         if ($form->submitted ne "Save Page" || ! $form->validate) {
426                 if ($form->field("do") eq "create") {
427                         my @page_locs;
428                         my $best_loc;
429                         if (! defined $from || ! length $from ||
430                             $from ne $form->field('from') ||
431                             file_pruned($from, $config{srcdir}) ||
432                             $from=~/^\// ||
433                             $form->submitted eq "Preview") {
434                                 @page_locs=$best_loc=$page;
435                         }
436                         else {
437                                 my $dir=$from."/";
438                                 $dir=~s![^/]+/+$!!;
439                                 
440                                 if ((defined $form->field('subpage') && length $form->field('subpage')) ||
441                                     $page eq gettext('discussion')) {
442                                         $best_loc="$from/$page";
443                                 }
444                                 else {
445                                         $best_loc=$dir.$page;
446                                 }
447                                 
448                                 push @page_locs, $dir.$page;
449                                 push @page_locs, "$from/$page";
450                                 while (length $dir) {
451                                         $dir=~s![^/]+/+$!!;
452                                         push @page_locs, $dir.$page;
453                                 }
454                         }
455                         push @page_locs, "$config{userdir}/$page"
456                                 if length $config{userdir};
458                         @page_locs = grep {
459                                 ! exists $pagecase{lc $_}
460                         } @page_locs;
461                         if (! @page_locs) {
462                                 # hmm, someone else made the page in the
463                                 # meantime?
464                                 redirect($q, "$config{url}/".htmlpage($page));
465                                 return;
466                         }
468                         my @editable_locs = grep {
469                                 check_canedit($_, $q, $session, 1)
470                         } @page_locs;
471                         if (! @editable_locs) {
472                                 # let it throw an error this time
473                                 map { check_canedit($_, $q, $session) } @page_locs;
474                         }
475                         
476                         my @page_types;
477                         if (exists $hooks{htmlize}) {
478                                 @page_types=keys %{$hooks{htmlize}};
479                         }
480                         
481                         $form->tmpl_param("page_select", 1);
482                         $form->field(name => "page", type => 'select',
483                                 options => [ map { pagetitle($_, 1) } @editable_locs ],
484                                 value => pagetitle($best_loc, 1));
485                         $form->field(name => "type", type => 'select',
486                                 options => \@page_types);
487                         $form->title(sprintf(gettext("creating %s"), pagetitle($page)));
488                         
489                 }
490                 elsif ($form->field("do") eq "edit") {
491                         check_canedit($page, $q, $session);
492                         if (! defined $form->field('editcontent') || 
493                             ! length $form->field('editcontent')) {
494                                 my $content="";
495                                 if (exists $pagesources{$page}) {
496                                         $content=readfile(srcfile($pagesources{$page}));
497                                         $content=~s/\n/\r\n/g;
498                                 }
499                                 $form->field(name => "editcontent", value => $content,
500                                         force => 1);
501                         }
502                         $form->tmpl_param("page_select", 0);
503                         $form->field(name => "page", type => 'hidden');
504                         $form->field(name => "type", type => 'hidden');
505                         $form->title(sprintf(gettext("editing %s"), pagetitle($page)));
506                 }
507                 
508                 showform($form, \@buttons, $session, $q);
509                 saveindex();
510         }
511         else {
512                 # save page
513                 check_canedit($page, $q, $session);
515                 my $exists=-e "$config{srcdir}/$file";
517                 if ($form->field("do") ne "create" && ! $exists &&
518                     ! eval { srcfile($file) }) {
519                         $form->tmpl_param("page_gone", 1);
520                         $form->field(name => "do", value => "create", force => 1);
521                         $form->tmpl_param("page_select", 0);
522                         $form->field(name => "page", type => 'hidden');
523                         $form->field(name => "type", type => 'hidden');
524                         $form->title(sprintf(gettext("editing %s"), $page));
525                         showform($form, \@buttons, $session, $q);
526                         return;
527                 }
528                 elsif ($form->field("do") eq "create" && $exists) {
529                         $form->tmpl_param("creation_conflict", 1);
530                         $form->field(name => "do", value => "edit", force => 1);
531                         $form->tmpl_param("page_select", 0);
532                         $form->field(name => "page", type => 'hidden');
533                         $form->field(name => "type", type => 'hidden');
534                         $form->title(sprintf(gettext("editing %s"), $page));
535                         $form->field("editcontent", 
536                                 value => readfile("$config{srcdir}/$file").
537                                          "\n\n\n".$form->field("editcontent"),
538                                 force => 1);
539                         showform($form, \@buttons, $session, $q);
540                         return;
541                 }
542                 
543                 my $content=$form->field('editcontent');
544                 run_hooks(editcontent => sub {
545                         $content=shift->(
546                                 content => $content,
547                                 page => $page,
548                                 cgi => $q,
549                                 session => $session,
550                         );
551                 });
552                 $content=~s/\r\n/\n/g;
553                 $content=~s/\r/\n/g;
555                 $config{cgi}=0; # avoid cgi error message
556                 eval { writefile($file, $config{srcdir}, $content) };
557                 $config{cgi}=1;
558                 if ($@) {
559                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
560                                 force => 1);
561                         $form->tmpl_param("failed_save", 1);
562                         $form->tmpl_param("error_message", $@);
563                         $form->field("editcontent", value => $content, force => 1);
564                         $form->tmpl_param("page_select", 0);
565                         $form->field(name => "page", type => 'hidden');
566                         $form->field(name => "type", type => 'hidden');
567                         $form->title(sprintf(gettext("editing %s"), $page));
568                         showform($form, \@buttons, $session, $q);
569                         return;
570                 }
571                 
572                 my $conflict;
573                 if ($config{rcs}) {
574                         my $message="";
575                         if (defined $form->field('comments') &&
576                             length $form->field('comments')) {
577                                 $message=$form->field('comments');
578                         }
579                         
580                         if (! $exists) {
581                                 rcs_add($file);
582                         }
584                         # Prevent deadlock with post-commit hook by
585                         # signaling to it that it should not try to
586                         # do anything (except send commit mails).
587                         disable_commit_hook();
588                         $conflict=rcs_commit($file, $message,
589                                 $form->field("rcsinfo"),
590                                 $session->param("name"), $ENV{REMOTE_ADDR});
591                         enable_commit_hook();
592                         rcs_update();
593                 }
594                 
595                 # Refresh even if there was a conflict, since other changes
596                 # may have been committed while the post-commit hook was
597                 # disabled.
598                 require IkiWiki::Render;
599                 refresh();
600                 saveindex();
602                 if (defined $conflict) {
603                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
604                                 force => 1);
605                         $form->tmpl_param("page_conflict", 1);
606                         $form->field("editcontent", value => $conflict, force => 1);
607                         $form->field("do", "edit", force => 1);
608                         $form->tmpl_param("page_select", 0);
609                         $form->field(name => "page", type => 'hidden');
610                         $form->field(name => "type", type => 'hidden');
611                         $form->title(sprintf(gettext("editing %s"), $page));
612                         showform($form, \@buttons, $session, $q);
613                         return;
614                 }
615                 else {
616                         # The trailing question mark tries to avoid broken
617                         # caches and get the most recent version of the page.
618                         redirect($q, "$config{url}/".htmlpage($page)."?updated");
619                 }
620         }
621 } #}}}
623 sub cgi_getsession ($) { #{{{
624         my $q=shift;
626         eval q{use CGI::Session};
627         CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
628         
629         my $oldmask=umask(077);
630         my $session = CGI::Session->new("driver:DB_File", $q,
631                 { FileName => "$config{wikistatedir}/sessions.db" });
632         umask($oldmask);
634         return $session;
635 } #}}}
637 sub cgi_savesession ($) { #{{{
638         my $session=shift;
640         # Force session flush with safe umask.
641         my $oldmask=umask(077);
642         $session->flush;
643         umask($oldmask);
644 } #}}}
646 sub cgi (;$$) { #{{{
647         my $q=shift;
648         my $session=shift;
650         if (! $q) {
651                 eval q{use CGI};
652                 error($@) if $@;
653         
654                 $q=CGI->new;
655         
656                 run_hooks(cgi => sub { shift->($q) });
657         }
659         my $do=$q->param('do');
660         if (! defined $do || ! length $do) {
661                 my $error = $q->cgi_error;
662                 if ($error) {
663                         error("Request not processed: $error");
664                 }
665                 else {
666                         error("\"do\" parameter missing");
667                 }
668         }
669         
670         # Things that do not need a session.
671         if ($do eq 'recentchanges') {
672                 cgi_recentchanges($q);
673                 return;
674         }
676         # Need to lock the wiki before getting a session.
677         lockwiki();
678         
679         if (! $session) {
680                 $session=cgi_getsession($q);
681         }
682         
683         # Auth hooks can sign a user in.
684         if ($do ne 'signin' && ! defined $session->param("name")) {
685                 run_hooks(auth => sub {
686                         shift->($q, $session)
687                 });
688                 if (defined $session->param("name")) {
689                         # Make sure whatever user was authed is in the
690                         # userinfo db.
691                         if (! userinfo_get($session->param("name"), "regdate")) {
692                                 userinfo_setall($session->param("name"), {
693                                         email => "",
694                                         password => "",
695                                         regdate => time,
696                                 }) || error("failed adding user");
697                         }
698                 }
699         }
700         
701         if (defined $session->param("name") &&
702             userinfo_get($session->param("name"), "banned")) {
703                 print $q->header(-status => "403 Forbidden");
704                 $session->delete();
705                 print gettext("You are banned.");
706                 cgi_savesession($session);
707         }
709         run_hooks(sessioncgi => sub { shift->($q, $session) });
711         if ($do eq 'signin') {
712                 cgi_signin($q, $session);
713                 cgi_savesession($session);
714         }
715         elsif (defined $session->param("postsignin")) {
716                 cgi_postsignin($q, $session);
717         }
718         elsif ($do eq 'prefs') {
719                 cgi_prefs($q, $session);
720         }
721         elsif ($do eq 'create' || $do eq 'edit') {
722                 cgi_editpage($q, $session);
723         }
724         elsif ($do eq 'postsignin') {
725                 error(gettext("login failed, perhaps you need to turn on cookies?"));
726         }
727         else {
728                 error("unknown do parameter");
729         }
730 } #}}}
732 sub userlink ($) { #{{{
733         my $user=shift;
735         eval q{use CGI 'escapeHTML'};
736         error($@) if $@;
737         if ($user =~ m!^https?://! &&
738             eval q{use Net::OpenID::VerifiedIdentity; 1} && !$@) {
739                 # Munge user-urls, as used by eg, OpenID.
740                 my $oid=Net::OpenID::VerifiedIdentity->new(identity => $user);
741                 my $display=$oid->display;
742                 # Convert "user.somehost.com" to "user [somehost.com]".
743                 if ($display !~ /\[/) {
744                         $display=~s/^(.*?)\.([^.]+\.[a-z]+)$/$1 [$2]/;
745                 }
746                 # Convert "http://somehost.com/user" to "user [somehost.com]".
747                 if ($display !~ /\[/) {
748                         $display=~s/^https?:\/\/(.+)\/([^\/]+)$/$2 [$1]/;
749                 }
750                 $display=~s!^https?://!!; # make sure this is removed
751                 return "<a href=\"$user\">".escapeHTML($display)."</a>";
752         }
753         else {
754                 return htmllink("", "", escapeHTML(
755                         length $config{userdir} ? $config{userdir}."/".$user : $user
756                 ), noimageinline => 1);
757         }
758 } #}}}