default_plugins => {
type => "internal",
default => [qw{mdwn link inline meta htmlscrubber passwordauth
- openid emailauth signinedit lockedit conditional
+ openid signinedit lockedit conditional
recentchanges parentlinks editpage
templatebody}],
description => "plugins to enable by default",
safe => 1,
rebuild => 1,
},
+ deterministic => {
+ type => "boolean",
+ default => 0,
+ description => "try harder to produce deterministic output",
+ safe => 1,
+ rebuild => 1,
+ advanced => 1,
+ },
}
sub getlibdirs () {
$log_open=1;
}
eval {
- # keep a copy to avoid editing the original config repeatedly
- my $wikiname = $config{wikiname};
- utf8::encode($wikiname);
- Sys::Syslog::syslog($type, "[$wikiname] %s", join(" ", @_));
+ my $message = "[$config{wikiname}] ".join(" ", @_);
+ utf8::encode($message);
+ Sys::Syslog::syslog($type, "%s", $message);
};
if ($@) {
print STDERR "failed to syslog: $@" unless $log_failed;
}
return $cgiurl."?".
- join("&", map $_."=".uri_escape_utf8($params{$_}), keys %params);
+ join("&", map $_."=".uri_escape_utf8($params{$_}), sort(keys %params));
}
sub cgiurl_abs (@) {
URI->new_abs(cgiurl(@_), $config{cgiurl});
}
+# Same as cgiurl_abs, but when the user connected using https,
+# will be a https url even if the cgiurl is normally a http url.
+#
+# This should be used for anything involving emailing a login link,
+# because a https session cookie will not be sent over http.
+sub cgiurl_abs_samescheme (@) {
+ my $u=cgiurl_abs(@_);
+ if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) {
+ $u=~s/^http:/https:/i;
+ }
+ return $u
+}
+
sub baseurl (;$) {
my $page=shift;
my $strftime_encoding;
sub strftime_utf8 {
- # strftime doesn't know about encodings, so make sure
+ # strftime didn't know about encodings in older Perl, so make sure
# its output is properly treated as utf8.
# Note that this does not handle utf-8 in the format string.
+ my $result = POSIX::strftime(@_);
+
+ if (Encode::is_utf8($result)) {
+ return $result;
+ }
+
($strftime_encoding) = POSIX::setlocale(&POSIX::LC_TIME) =~ m#\.([^@]+)#
unless defined $strftime_encoding;
$strftime_encoding
- ? Encode::decode($strftime_encoding, POSIX::strftime(@_))
- : POSIX::strftime(@_);
+ ? Encode::decode($strftime_encoding, $result)
+ : $result;
}
sub date_3339 ($) {
return length $config{userdir} ? "$config{userdir}/$user" : $user;
}
+# Username to display for openid accounts.
sub openiduser ($) {
my $user=shift;
return;
}
+# Username to display for emailauth accounts.
sub emailuser ($) {
my $user=shift;
if (defined $user && $user =~ m/(.+)@/) {
my $nick=$1;
# remove any characters from not allowed in wiki files
- $nick=~s/[^$config{wiki_file_chars}]/_/g;
+ # support use w/o %config set
+ my $chars = defined $config{wiki_file_chars} ? $config{wiki_file_chars} : "-[:alnum:]+/.:_";
+ $nick=~s/[^$chars]/_/g;
return $nick;
}
return;
}
+# Some user information should not be exposed in commit metadata, etc.
+# This generates a cloaked form of such information.
+sub cloak ($) {
+ my $user=shift;
+ # cloak email address using http://xmlns.com/foaf/spec/#term_mbox_sha1sum
+ if ($user=~m/(.+)@/) {
+ my $nick=$1;
+ eval q{use Digest::SHA};
+ return $user if $@;
+ return $nick.'@'.Digest::SHA::sha1_hex("mailto:$user");
+ }
+ else {
+ return $user;
+ }
+}
+
sub htmlize ($$$$) {
my $page=shift;
my $destpage=shift;
if ($@) {
my $error=$@;
chomp $error;
+ eval q{use HTML::Entities};
+ $error = encode_entities($error);
+ # Also encode most ASCII punctuation
+ # as entities so that error messages
+ # are not interpreted as Markdown etc.
+ $error = encode_entities($error, '[](){}!#$%*?@^`|~'."\\");
$ret="[[!$command <span class=\"error\">".
gettext("Error").": $error"."</span>]]";
}
$file=possibly_foolish_untaint($file);
if (! defined $file || ! length $file ||
file_pruned($file)) {
- error(gettext("bad file name %s"), $file);
+ error(sprintf(gettext("bad file name %s"), $file));
}
my $type=pagetype($file);