Merge branch 'master' into 'debian/master'

[git.ikiwiki.info.git] / IkiWiki.pm

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 1eda16da18b1d4f8a5876f6d9800be207ffaf52a..7a38c8f89a44fd42d7e61a2871dd2014e4ac3b09 100644 (file)
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1232,6 +1232,19 @@ sub cgiurl_abs (@) {
        URI->new_abs(cgiurl(@_), $config{cgiurl});
 }
 
+# Same as cgiurl_abs, but when the user connected using https,
+# will be a https url even if the cgiurl is normally a http url.
+#
+# This should be used for anything involving emailing a login link,
+# because a https session cookie will not be sent over http.
+sub cgiurl_abs_samescheme (@) {
+       my $u=cgiurl_abs(@_);
+       if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) {
+               $u=~s/^http:/https:/i;
+       }
+       return $u
+}
+
 sub baseurl (;$) {
        my $page=shift;
 
@@ -1655,6 +1668,10 @@ sub preprocess ($$$;$$) {
                                        chomp $error;
                                        eval q{use HTML::Entities};
                                        $error = encode_entities($error);
+                                       # Also encode most ASCII punctuation
+                                       # as entities so that error messages
+                                       # are not interpreted as Markdown etc.
+                                       $error = encode_entities($error, '[](){}!#$%*?@^`|~'."\\");
                                        $ret="[[!$command <span class=\"error\">".
                                                gettext("Error").": $error"."</span>]]";
                                }