]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/CGI.pm
comments
[git.ikiwiki.info.git] / IkiWiki / CGI.pm
1 #!/usr/bin/perl
3 use warnings;
4 use strict;
5 use IkiWiki;
6 use IkiWiki::UserInfo;
7 use open qw{:utf8 :std};
8 use Encode;
10 package IkiWiki;
12 sub printheader ($) { #{{{
13         my $session=shift;
14         
15         if ($config{sslcookie}) {
16                 print $session->header(-charset => 'utf-8',
17                         -cookie => $session->cookie(-secure => 1));
18         } else {
19                 print $session->header(-charset => 'utf-8');
20         }
22 } #}}}
23         
24 sub showform ($$$$) { #{{{
25         my $form=shift;
26         my $buttons=shift;
27         my $session=shift;
28         my $cgi=shift;
30         if (exists $hooks{formbuilder}) {
31                 run_hooks(formbuilder => sub {
32                         shift->(form => $form, cgi => $cgi, session => $session,
33                                 buttons => $buttons);
34                 });
35         }
36         else {
37                 printheader($session);
38                 print misctemplate($form->title, $form->render(submit => $buttons));
39         }
40 }
42 sub redirect ($$) { #{{{
43         my $q=shift;
44         my $url=shift;
45         if (! $config{w3mmode}) {
46                 print $q->redirect($url);
47         }
48         else {
49                 print "Content-type: text/plain\n";
50                 print "W3m-control: GOTO $url\n\n";
51         }
52 } #}}}
54 sub check_canedit ($$$;$) { #{{{
55         my $page=shift;
56         my $q=shift;
57         my $session=shift;
58         my $nonfatal=shift;
59         
60         my $canedit;
61         run_hooks(canedit => sub {
62                 return if defined $canedit;
63                 my $ret=shift->($page, $q, $session);
64                 if (defined $ret && $ret eq "") {
65                         $canedit=1;
66                 }
67                 elsif (defined $ret) {
68                         $canedit=0;
69                         error($ret) unless $nonfatal;
70                 }
71         });
72         return $canedit;
73 } #}}}
75 sub decode_form_utf8 ($) { #{{{
76         my $form = shift;
77         foreach my $f ($form->field) {
78                 next if Encode::is_utf8(scalar $form->field($f));
79                 $form->field(name  => $f,
80                              value => decode_utf8($form->field($f)),
81                              force => 1,
82                             );
83         }
84 } #}}}
86 sub cgi_recentchanges ($) { #{{{
87         my $q=shift;
88         
89         # Optimisation: building recentchanges means calculating lots of
90         # links. Memoizing htmllink speeds it up a lot (can't be memoized
91         # during page builds as the return values may change, but they
92         # won't here.)
93         eval q{use Memoize};
94         error($@) if $@;
95         memoize("htmllink");
97         eval q{use Time::Duration};
98         error($@) if $@;
100         my $changelog=[rcs_recentchanges(100)];
101         foreach my $change (@$changelog) {
102                 $change->{when} = concise(ago($change->{when}));
104                 $change->{user} = userlink($change->{user});
106                 my $is_excess = exists $change->{pages}[10]; # limit pages to first 10
107                 delete @{$change->{pages}}[10 .. @{$change->{pages}}] if $is_excess;
108                 $change->{pages} = [
109                         map {
110                                 $_->{link} = htmllink("", "", $_->{page},
111                                         noimageinline => 1,
112                                         linktext => pagetitle($_->{page}));
113                                 $_;
114                         } @{$change->{pages}}
115                 ];
116                 push @{$change->{pages}}, { link => '...' } if $is_excess;
117         }
119         my $template=template("recentchanges.tmpl"); 
120         $template->param(
121                 title => "RecentChanges",
122                 indexlink => indexlink(),
123                 wikiname => $config{wikiname},
124                 changelog => $changelog,
125                 baseurl => baseurl(),
126         );
127         run_hooks(pagetemplate => sub {
128                 shift->(page => "", destpage => "", template => $template);
129         });
130         print $q->header(-charset => 'utf-8'), $template->output;
131 } #}}}
133 # Check if the user is signed in. If not, redirect to the signin form and
134 # save their place to return to later.
135 sub needsignin ($$) { #{{{
136         my $q=shift;
137         my $session=shift;
139         if (! defined $session->param("name") ||
140             ! userinfo_get($session->param("name"), "regdate")) {
141                 if (! defined $session->param("postsignin")) {
142                         $session->param(postsignin => $ENV{QUERY_STRING});
143                 }
144                 cgi_signin($q, $session);
145                 cgi_savesession($session);
146                 exit;
147         }
148 } #}}}  
150 sub cgi_signin ($$) { #{{{
151         my $q=shift;
152         my $session=shift;
154         eval q{use CGI::FormBuilder};
155         error($@) if $@;
156         my $form = CGI::FormBuilder->new(
157                 title => "signin",
158                 name => "signin",
159                 charset => "utf-8",
160                 method => 'POST',
161                 required => 'NONE',
162                 javascript => 0,
163                 params => $q,
164                 action => $config{cgiurl},
165                 header => 0,
166                 template => {type => 'div'},
167                 stylesheet => baseurl()."style.css",
168         );
169         my $buttons=["Login"];
170         
171         if ($q->param("do") ne "signin" && !$form->submitted) {
172                 $form->text(gettext("You need to log in first."));
173         }
174         $form->field(name => "do", type => "hidden", value => "signin",
175                 force => 1);
176         
177         decode_form_utf8($form);
178         
179         run_hooks(formbuilder_setup => sub {
180                 shift->(form => $form, cgi => $q, session => $session,
181                         buttons => $buttons);
182         });
184         if ($form->submitted) {
185                 $form->validate;
186         }
188         showform($form, $buttons, $session, $q);
189 } #}}}
191 sub cgi_postsignin ($$) { #{{{
192         my $q=shift;
193         my $session=shift;
194         
195         # Continue with whatever was being done before the signin process.
196         if (defined $session->param("postsignin")) {
197                 my $postsignin=CGI->new($session->param("postsignin"));
198                 $session->clear("postsignin");
199                 cgi($postsignin, $session);
200                 cgi_savesession($session);
201                 exit;
202         }
203         else {
204                 # This can occur, for example, if a user went to the signin
205                 # url via a bookmark.
206                 redirect($q, $config{url});
207         }
208 } #}}}
210 sub cgi_prefs ($$) { #{{{
211         my $q=shift;
212         my $session=shift;
214         needsignin($q, $session);
216         eval q{use CGI::FormBuilder};
217         error($@) if $@;
218         my $form = CGI::FormBuilder->new(
219                 title => "preferences",
220                 name => "preferences",
221                 header => 0,
222                 charset => "utf-8",
223                 method => 'POST',
224                 validate => {
225                         email => 'EMAIL',
226                 },
227                 required => 'NONE',
228                 javascript => 0,
229                 params => $q,
230                 action => $config{cgiurl},
231                 template => {type => 'div'},
232                 stylesheet => baseurl()."style.css",
233                 fieldsets => [
234                         [login => gettext("Login")],
235                         [preferences => gettext("Preferences")],
236                         [admin => gettext("Admin")]
237                 ],
238         );
239         my $buttons=["Save Preferences", "Logout", "Cancel"];
241         decode_form_utf8($form);
243         run_hooks(formbuilder_setup => sub {
244                 shift->(form => $form, cgi => $q, session => $session,
245                         buttons => $buttons);
246         });
247         
248         $form->field(name => "do", type => "hidden");
249         $form->field(name => "email", size => 50, fieldset => "preferences");
250         $form->field(name => "subscriptions", size => 50,
251                 fieldset => "preferences",
252                 comment => "(".htmllink("", "", "PageSpec", noimageinline => 1).")");
253         $form->field(name => "banned_users", size => 50,
254                 fieldset => "admin");
255         
256         my $user_name=$session->param("name");
257         if (! is_admin($user_name)) {
258                 $form->field(name => "banned_users", type => "hidden");
259         }
261         if (! $form->submitted) {
262                 $form->field(name => "email", force => 1,
263                         value => userinfo_get($user_name, "email"));
264                 $form->field(name => "subscriptions", force => 1,
265                         value => userinfo_get($user_name, "subscriptions"));
266                 if (is_admin($user_name)) {
267                         $form->field(name => "banned_users", force => 1,
268                                 value => join(" ", get_banned_users()));
269                 }
270         }
271         
272         if ($form->submitted eq 'Logout') {
273                 $session->delete();
274                 redirect($q, $config{url});
275                 return;
276         }
277         elsif ($form->submitted eq 'Cancel') {
278                 redirect($q, $config{url});
279                 return;
280         }
281         elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
282                 foreach my $field (qw(email subscriptions)) {
283                         if (defined $form->field($field) && length $form->field($field)) {
284                                 userinfo_set($user_name, $field, $form->field($field)) ||
285                                         error("failed to set $field");
286                         }
287                 }
288                 if (is_admin($user_name)) {
289                         set_banned_users(grep { ! is_admin($_) }
290                                         split(' ',
291                                                 $form->field("banned_users"))) ||
292                                 error("failed saving changes");
293                 }
294                 $form->text(gettext("Preferences saved."));
295         }
296         
297         showform($form, $buttons, $session, $q);
298 } #}}}
300 sub cgi_editpage ($$) { #{{{
301         my $q=shift;
302         my $session=shift;
304         my @fields=qw(do rcsinfo subpage from page type editcontent comments);
305         my @buttons=("Save Page", "Preview", "Cancel");
306         
307         eval q{use CGI::FormBuilder};
308         error($@) if $@;
309         my $form = CGI::FormBuilder->new(
310                 title => "editpage",
311                 fields => \@fields,
312                 charset => "utf-8",
313                 method => 'POST',
314                 validate => {
315                         editcontent => '/.+/',
316                 },
317                 required => [qw{editcontent}],
318                 javascript => 0,
319                 params => $q,
320                 action => $config{cgiurl},
321                 header => 0,
322                 table => 0,
323                 template => scalar template_params("editpage.tmpl"),
324                 wikiname => $config{wikiname},
325         );
326         
327         decode_form_utf8($form);
328         
329         run_hooks(formbuilder_setup => sub {
330                 shift->(form => $form, cgi => $q, session => $session,
331                         buttons => \@buttons);
332         });
333         
334         # This untaint is safe because titlepage removes any problematic
335         # characters.
336         my ($page)=$form->field('page');
337         $page=titlepage(possibly_foolish_untaint($page));
338         if (! defined $page || ! length $page ||
339             file_pruned($page, $config{srcdir}) || $page=~/^\//) {
340                 error("bad page name");
341         }
342         
343         my $from;
344         if (defined $form->field('from')) {
345                 ($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
346         }
347         
348         my $file;
349         my $type;
350         if (exists $pagesources{$page} && $form->field("do") ne "create") {
351                 $file=$pagesources{$page};
352                 $type=pagetype($file);
353                 if (! defined $type) {
354                         error(sprintf(gettext("%s is not an editable page"), $page));
355                 }
356                 if (! $form->submitted) {
357                         $form->field(name => "rcsinfo",
358                                 value => rcs_prepedit($file), force => 1);
359                 }
360         }
361         else {
362                 $type=$form->param('type');
363                 if (defined $type && length $type && $hooks{htmlize}{$type}) {
364                         $type=possibly_foolish_untaint($type);
365                 }
366                 elsif (defined $from) {
367                         # favor the type of linking page
368                         $type=pagetype($pagesources{$from});
369                 }
370                 $type=$config{default_pageext} unless defined $type;
371                 $file=$page.".".$type;
372                 if (! $form->submitted) {
373                         $form->field(name => "rcsinfo", value => "", force => 1);
374                 }
375         }
377         $form->field(name => "do", type => 'hidden');
378         $form->field(name => "from", type => 'hidden');
379         $form->field(name => "rcsinfo", type => 'hidden');
380         $form->field(name => "subpage", type => 'hidden');
381         $form->field(name => "page", value => pagetitle($page, 1), force => 1);
382         $form->field(name => "type", value => $type, force => 1);
383         $form->field(name => "comments", type => "text", size => 80);
384         $form->field(name => "editcontent", type => "textarea", rows => 20,
385                 cols => 80);
386         $form->tmpl_param("can_commit", $config{rcs});
387         $form->tmpl_param("indexlink", indexlink());
388         $form->tmpl_param("helponformattinglink",
389                 htmllink("", "", "HelpOnFormatting", noimageinline => 1));
390         $form->tmpl_param("baseurl", baseurl());
391         
392         if ($form->submitted eq "Cancel") {
393                 if ($form->field("do") eq "create" && defined $from) {
394                         redirect($q, "$config{url}/".htmlpage($from));
395                 }
396                 elsif ($form->field("do") eq "create") {
397                         redirect($q, $config{url});
398                 }
399                 else {
400                         redirect($q, "$config{url}/".htmlpage($page));
401                 }
402                 return;
403         }
404         elsif ($form->submitted eq "Preview") {
405                 my $content=$form->field('editcontent');
406                 run_hooks(editcontent => sub {
407                         $content=shift->(
408                                 content => $content,
409                                 page => $page,
410                                 cgi => $q,
411                                 session => $session,
412                         );
413                 });
414                 $form->tmpl_param("page_preview",
415                         htmlize($page, $type,
416                         linkify($page, "",
417                         preprocess($page, $page,
418                         filter($page, $page, $content), 0, 1))));
419         }
420         elsif ($form->submitted eq "Save Page") {
421                 $form->tmpl_param("page_preview", "");
422         }
423         $form->tmpl_param("page_conflict", "");
424         
425         if ($form->submitted ne "Save Page" || ! $form->validate) {
426                 if ($form->field("do") eq "create") {
427                         my @page_locs;
428                         my $best_loc;
429                         if (! defined $from || ! length $from ||
430                             $from ne $form->field('from') ||
431                             file_pruned($from, $config{srcdir}) ||
432                             $from=~/^\// ||
433                             $form->submitted eq "Preview") {
434                                 @page_locs=$best_loc=$page;
435                         }
436                         else {
437                                 my $dir=$from."/";
438                                 $dir=~s![^/]+/+$!!;
439                                 
440                                 if ((defined $form->field('subpage') && length $form->field('subpage')) ||
441                                     $page eq gettext('discussion')) {
442                                         $best_loc="$from/$page";
443                                 }
444                                 else {
445                                         $best_loc=$dir.$page;
446                                 }
447                                 
448                                 push @page_locs, $dir.$page;
449                                 push @page_locs, "$from/$page";
450                                 while (length $dir) {
451                                         $dir=~s![^/]+/+$!!;
452                                         push @page_locs, $dir.$page;
453                                 }
454                         }
455                         push @page_locs, "$config{userdir}/$page"
456                                 if length $config{userdir};
458                         @page_locs = grep {
459                                 ! exists $pagecase{lc $_}
460                         } @page_locs;
461                         if (! @page_locs) {
462                                 # hmm, someone else made the page in the
463                                 # meantime?
464                                 redirect($q, "$config{url}/".htmlpage($page));
465                                 return;
466                         }
468                         my @editable_locs = grep {
469                                 check_canedit($_, $q, $session, 1)
470                         } @page_locs;
471                         if (! @editable_locs) {
472                                 # let it throw an error this time
473                                 map { check_canedit($_, $q, $session) } @page_locs;
474                         }
475                         
476                         my @page_types;
477                         if (exists $hooks{htmlize}) {
478                                 @page_types=keys %{$hooks{htmlize}};
479                         }
480                         
481                         $form->tmpl_param("page_select", 1);
482                         $form->field(name => "page", type => 'select',
483                                 options => [ map { pagetitle($_, 1) } @editable_locs ],
484                                 value => pagetitle($best_loc, 1));
485                         $form->field(name => "type", type => 'select',
486                                 options => \@page_types);
487                         $form->title(sprintf(gettext("creating %s"), pagetitle($page)));
488                         
489                 }
490                 elsif ($form->field("do") eq "edit") {
491                         check_canedit($page, $q, $session);
492                         if (! defined $form->field('editcontent') || 
493                             ! length $form->field('editcontent')) {
494                                 my $content="";
495                                 if (exists $pagesources{$page}) {
496                                         $content=readfile(srcfile($pagesources{$page}));
497                                         $content=~s/\n/\r\n/g;
498                                 }
499                                 $form->field(name => "editcontent", value => $content,
500                                         force => 1);
501                         }
502                         $form->tmpl_param("page_select", 0);
503                         $form->field(name => "page", type => 'hidden');
504                         $form->field(name => "type", type => 'hidden');
505                         $form->title(sprintf(gettext("editing %s"), pagetitle($page)));
506                 }
507                 
508                 showform($form, \@buttons, $session, $q);
509         }
510         else {
511                 # save page
512                 check_canedit($page, $q, $session);
514                 my $exists=-e "$config{srcdir}/$file";
516                 if ($form->field("do") ne "create" && ! $exists &&
517                     ! eval { srcfile($file) }) {
518                         $form->tmpl_param("page_gone", 1);
519                         $form->field(name => "do", value => "create", force => 1);
520                         $form->tmpl_param("page_select", 0);
521                         $form->field(name => "page", type => 'hidden');
522                         $form->field(name => "type", type => 'hidden');
523                         $form->title(sprintf(gettext("editing %s"), $page));
524                         showform($form, \@buttons, $session, $q);
525                         return;
526                 }
527                 elsif ($form->field("do") eq "create" && $exists) {
528                         $form->tmpl_param("creation_conflict", 1);
529                         $form->field(name => "do", value => "edit", force => 1);
530                         $form->tmpl_param("page_select", 0);
531                         $form->field(name => "page", type => 'hidden');
532                         $form->field(name => "type", type => 'hidden');
533                         $form->title(sprintf(gettext("editing %s"), $page));
534                         $form->field("editcontent", 
535                                 value => readfile("$config{srcdir}/$file").
536                                          "\n\n\n".$form->field("editcontent"),
537                                 force => 1);
538                         showform($form, \@buttons, $session, $q);
539                         return;
540                 }
541                 
542                 my $content=$form->field('editcontent');
543                 run_hooks(editcontent => sub {
544                         $content=shift->(
545                                 content => $content,
546                                 page => $page,
547                                 cgi => $q,
548                                 session => $session,
549                         );
550                 });
551                 $content=~s/\r\n/\n/g;
552                 $content=~s/\r/\n/g;
554                 $config{cgi}=0; # avoid cgi error message
555                 eval { writefile($file, $config{srcdir}, $content) };
556                 $config{cgi}=1;
557                 if ($@) {
558                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
559                                 force => 1);
560                         $form->tmpl_param("failed_save", 1);
561                         $form->tmpl_param("error_message", $@);
562                         $form->field("editcontent", value => $content, force => 1);
563                         $form->tmpl_param("page_select", 0);
564                         $form->field(name => "page", type => 'hidden');
565                         $form->field(name => "type", type => 'hidden');
566                         $form->title(sprintf(gettext("editing %s"), $page));
567                         showform($form, \@buttons, $session, $q);
568                         return;
569                 }
570                 
571                 my $conflict;
572                 if ($config{rcs}) {
573                         my $message="";
574                         if (defined $form->field('comments') &&
575                             length $form->field('comments')) {
576                                 $message=$form->field('comments');
577                         }
578                         
579                         if (! $exists) {
580                                 rcs_add($file);
581                         }
583                         # Prevent deadlock with post-commit hook by
584                         # signaling to it that it should not try to
585                         # do anything (except send commit mails).
586                         disable_commit_hook();
587                         $conflict=rcs_commit($file, $message,
588                                 $form->field("rcsinfo"),
589                                 $session->param("name"), $ENV{REMOTE_ADDR});
590                         enable_commit_hook();
591                         rcs_update();
592                 }
593                 
594                 # Refresh even if there was a conflict, since other changes
595                 # may have been committed while the post-commit hook was
596                 # disabled.
597                 require IkiWiki::Render;
598                 refresh();
599                 saveindex();
601                 if (defined $conflict) {
602                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
603                                 force => 1);
604                         $form->tmpl_param("page_conflict", 1);
605                         $form->field("editcontent", value => $conflict, force => 1);
606                         $form->field("do", "edit", force => 1);
607                         $form->tmpl_param("page_select", 0);
608                         $form->field(name => "page", type => 'hidden');
609                         $form->field(name => "type", type => 'hidden');
610                         $form->title(sprintf(gettext("editing %s"), $page));
611                         showform($form, \@buttons, $session, $q);
612                         return;
613                 }
614                 else {
615                         # The trailing question mark tries to avoid broken
616                         # caches and get the most recent version of the page.
617                         redirect($q, "$config{url}/".htmlpage($page)."?updated");
618                 }
619         }
620 } #}}}
622 sub cgi_getsession ($) { #{{{
623         my $q=shift;
625         eval q{use CGI::Session};
626         CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
627         
628         my $oldmask=umask(077);
629         my $session = CGI::Session->new("driver:DB_File", $q,
630                 { FileName => "$config{wikistatedir}/sessions.db" });
631         umask($oldmask);
633         return $session;
634 } #}}}
636 sub cgi_savesession ($) { #{{{
637         my $session=shift;
639         # Force session flush with safe umask.
640         my $oldmask=umask(077);
641         $session->flush;
642         umask($oldmask);
643 } #}}}
645 sub cgi (;$$) { #{{{
646         my $q=shift;
647         my $session=shift;
649         if (! $q) {
650                 eval q{use CGI};
651                 error($@) if $@;
652         
653                 $q=CGI->new;
654         
655                 run_hooks(cgi => sub { shift->($q) });
656         }
658         my $do=$q->param('do');
659         if (! defined $do || ! length $do) {
660                 my $error = $q->cgi_error;
661                 if ($error) {
662                         error("Request not processed: $error");
663                 }
664                 else {
665                         error("\"do\" parameter missing");
666                 }
667         }
668         
669         # Things that do not need a session.
670         if ($do eq 'recentchanges') {
671                 cgi_recentchanges($q);
672                 return;
673         }
675         # Need to lock the wiki before getting a session.
676         lockwiki();
677         
678         if (! $session) {
679                 $session=cgi_getsession($q);
680         }
681         
682         # Auth hooks can sign a user in.
683         if ($do ne 'signin' && ! defined $session->param("name")) {
684                 run_hooks(auth => sub {
685                         shift->($q, $session)
686                 });
687                 if (defined $session->param("name")) {
688                         # Make sure whatever user was authed is in the
689                         # userinfo db.
690                         if (! userinfo_get($session->param("name"), "regdate")) {
691                                 userinfo_setall($session->param("name"), {
692                                         email => "",
693                                         password => "",
694                                         regdate => time,
695                                 }) || error("failed adding user");
696                         }
697                 }
698         }
699         
700         if (defined $session->param("name") &&
701             userinfo_get($session->param("name"), "banned")) {
702                 print $q->header(-status => "403 Forbidden");
703                 $session->delete();
704                 print gettext("You are banned.");
705                 cgi_savesession($session);
706         }
708         run_hooks(sessioncgi => sub { shift->($q, $session) });
710         if ($do eq 'signin') {
711                 cgi_signin($q, $session);
712                 cgi_savesession($session);
713         }
714         elsif (defined $session->param("postsignin")) {
715                 cgi_postsignin($q, $session);
716         }
717         elsif ($do eq 'prefs') {
718                 cgi_prefs($q, $session);
719         }
720         elsif ($do eq 'create' || $do eq 'edit') {
721                 cgi_editpage($q, $session);
722         }
723         elsif ($do eq 'postsignin') {
724                 error(gettext("login failed, perhaps you need to turn on cookies?"));
725         }
726         else {
727                 error("unknown do parameter");
728         }
729 } #}}}
731 sub userlink ($) { #{{{
732         my $user=shift;
734         eval q{use CGI 'escapeHTML'};
735         error($@) if $@;
736         if ($user =~ m!^https?://! &&
737             eval q{use Net::OpenID::VerifiedIdentity; 1} && !$@) {
738                 # Munge user-urls, as used by eg, OpenID.
739                 my $oid=Net::OpenID::VerifiedIdentity->new(identity => $user);
740                 my $display=$oid->display;
741                 # Convert "user.somehost.com" to "user [somehost.com]".
742                 if ($display !~ /\[/) {
743                         $display=~s/^(.*?)\.([^.]+\.[a-z]+)$/$1 [$2]/;
744                 }
745                 # Convert "http://somehost.com/user" to "user [somehost.com]".
746                 if ($display !~ /\[/) {
747                         $display=~s/^https?:\/\/(.+)\/([^\/]+)$/$2 [$1]/;
748                 }
749                 $display=~s!^https?://!!; # make sure this is removed
750                 return "<a href=\"$user\">".escapeHTML($display)."</a>";
751         }
752         else {
753                 return htmllink("", "", escapeHTML(
754                         length $config{userdir} ? $config{userdir}."/".$user : $user
755                 ), noimageinline => 1);
756         }
757 } #}}}