]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/CGI.pm
Avoid mixed content when cgiurl is https but url is not
[git.ikiwiki.info.git] / IkiWiki / CGI.pm
index 30d108a81ca7be4bac8081040dbb1a5608f1436c..b6f47a3a7f73c2e0c8cba26f859ea47b334a8ad9 100644 (file)
@@ -12,7 +12,7 @@ use Encode;
 sub printheader ($) {
        my $session=shift;
        
-       if ($ENV{HTTPS} || $config{sslcookie}) {
+       if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off") || $config{sslcookie}) {
                print $session->header(-charset => 'utf-8',
                        -cookie => $session->cookie(-httponly => 1, -secure => 1));
        }
@@ -58,7 +58,10 @@ sub cgitemplate ($$$;@) {
        
        my $template=template("page.tmpl");
 
-       my $topurl = defined $cgi ? $cgi->url : $config{url};
+       my $topurl = $config{url};
+       if (defined $cgi && ! $config{w3mmode}) {
+               $topurl = $cgi->url;
+       }
 
        my $page="";
        if (exists $params{page}) {
@@ -79,7 +82,7 @@ sub cgitemplate ($$$;@) {
                title => $title,
                wikiname => $config{wikiname},
                content => $content,
-               baseurl => urlabs(urlto(undef), $topurl),
+               baseurl => urlabs(baseurl(), $topurl),
                html5 => $config{html5},
                %params,
        );
@@ -110,11 +113,23 @@ sub decode_cgi_utf8 ($) {
        }
 }
 
+sub safe_decode_utf8 ($) {
+    my $octets = shift;
+    # call decode_utf8 on >= 5.20 only if it's not already decoded,
+    # otherwise it balks, on < 5.20, always call it
+    if ($] < 5.02 || !Encode::is_utf8($octets)) {
+        return decode_utf8($octets);
+    }
+    else {
+        return $octets;
+    }
+}
+
 sub decode_form_utf8 ($) {
        if ($] >= 5.01) {
                my $form = shift;
                foreach my $f ($form->field) {
-                       my @value=map { decode_utf8($_) } $form->field($f);
+                       my @value=map { safe_decode_utf8($_) } $form->field($f);
                        $form->field(name  => $f,
                                     value => \@value,
                                     force => 1,
@@ -131,7 +146,7 @@ sub needsignin ($$) {
 
        if (! defined $session->param("name") ||
            ! userinfo_get($session->param("name"), "regdate")) {
-               $session->param(postsignin => $ENV{QUERY_STRING});
+               $session->param(postsignin => $q->query_string);
                cgi_signin($q, $session);
                cgi_savesession($session);
                exit;
@@ -351,7 +366,8 @@ sub cgi_getsession ($) {
                        { FileName => "$config{wikistatedir}/sessions.db" })
        };
        if (! $session || $@) {
-               error($@." ".CGI::Session->errstr());
+               my $error = $@;
+               error($error." ".CGI::Session->errstr());
        }
        
        umask($oldmask);
@@ -429,7 +445,7 @@ sub cgi (;$$) {
                        # userinfo db.
                        if (! userinfo_get($session->param("name"), "regdate")) {
                                userinfo_setall($session->param("name"), {
-                                       email => "",
+                                       email => defined $session->param("email") ? $session->param("email") : "",
                                        password => "",
                                        regdate => time,
                                }) || error("failed adding user");