passwordauth: avoid userinfo forgery via repeated email parameter
[git.ikiwiki.info.git] / IkiWiki / Plugin / editpage.pm
index 3d094c263196a7738295f81c8995ce365c5ce091..d15607990db2412b8a14f281864f82f98b3cac7f 100644 (file)
@@ -39,7 +39,7 @@ sub refresh () {
                                }
                                if ($delete) {
                                        debug(sprintf(gettext("removing old preview %s"), $file));
-                                       IkiWiki::prune("$config{destdir}/$file");
+                                       IkiWiki::prune("$config{destdir}/$file", $config{destdir});
                                }
                        }
                        elsif (defined $mtime) {
@@ -64,7 +64,8 @@ sub cgi_editpage ($$) {
 
        decode_cgi_utf8($q);
 
-       my @fields=qw(do rcsinfo subpage from page type editcontent editmessage);
+       my @fields=qw(do rcsinfo subpage from page type editcontent
+               editmessage subscribe);
        my @buttons=("Save Page", "Preview", "Cancel");
        eval q{use CGI::FormBuilder};
        error($@) if $@;
@@ -157,6 +158,17 @@ sub cgi_editpage ($$) {
                        noimageinline => 1,
                        linktext => "FormattingHelp"));
        
+       my $cansubscribe=IkiWiki::Plugin::notifyemail->can("subscribe")
+               && IkiWiki::Plugin::comments->can("import")
+               && defined $session->param('name');
+       if ($cansubscribe) {
+               $form->field(name => "subscribe", type => "checkbox",
+                       options => [gettext("email comments to me")]);
+       }
+       else {
+               $form->field(name => "subscribe", type => 'hidden');
+       }
+       
        my $previewing=0;
        if ($form->submitted eq "Cancel") {
                if ($form->field("do") eq "create" && defined $from) {
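Review bot: The three-part condition assigned to `$cansubscribe` has no comment, and the `->can("import")` probe on `IkiWiki::Plugin::comments` does not explain itself; it appears to be used as a "plugin is loaded" test, which is worth confirming. I would add `# offer subscription only if notifyemail and comments are loaded and the user is logged in` above the assignment. In the else branch the `subscribe` field still exists as a hidden field, so a client can submit a value for it. Nothing in this hunk acts on that value, but any later use has to re-check `$cansubscribe` rather than trust the field alone. The body of cgi_editpage starts and ends outside this hunk.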
@@ -227,27 +239,36 @@ sub cgi_editpage ($$) {
                            $absolute ||
                            $form->submitted) {
                                @page_locs=$best_loc=$page;
+                               unshift @page_locs, lc($page)
+                                       if ! $form->submitted && lc($page) ne $page;
+                       }
+                       elsif (lc $page eq lc $config{discussionpage}) {
+                               @page_locs=$best_loc="$from/".lc($page);
                        }
                        else {
                                my $dir=$from."/";
                                $dir=~s![^/]+/+$!!;
                                
                                if ((defined $form->field('subpage') &&
-                                    length $form->field('subpage')) ||
-                                   $page eq lc($config{discussionpage})) {
+                                    length $form->field('subpage'))) {
                                        $best_loc="$from/$page";
                                }
                                else {
                                        $best_loc=$dir.$page;
                                }
                                
+                               my $mixedcase=lc($page) ne $page;
+
+                               push @page_locs, $dir.lc($page) if $mixedcase;
                                push @page_locs, $dir.$page;
-                               push @page_locs, "$from/$page";
+                               push @page_locs, $from."/".lc($page) if $mixedcase;
+                               push @page_locs, $from."/".$page;
                                while (length $dir) {
                                        $dir=~s![^/]+/+$!!;
+                                       push @page_locs, $dir.lc($page) if $mixedcase;
                                        push @page_locs, $dir.$page;
                                }
-                       
+
                                my $userpage=IkiWiki::userpage($page);
                                push @page_locs, $userpage
                                        if ! grep { $_ eq $userpage } @page_locs;
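Review bot: The new `elsif (lc $page eq lc $config{discussionpage})` uses the paren-less form of `lc`, while every other added line in this hunk writes `lc($page)`. It parses as intended, but `elsif (lc($page) eq lc($config{discussionpage}))` reads unambiguously and matches the rest. `lc($page)` is also recomputed on most of the added lines, and `$mixedcase` is only introduced in the last branch; computing `my $lcpage=lc($page);` once before the if chain would remove the repetition. A short comment saying why lowercase candidates are listed ahead of the mixed-case ones would help, since `$best_loc` stays mixed-case in the first branch. `$page` and `$from` are request-derived, so the candidates built here rely on whatever per-location edit checks follow outside this hunk.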
@@ -439,6 +460,12 @@ sub cgi_editpage ($$) {
                        # caches and get the most recent version of the page.
                        redirect($q, $baseurl."?updated");
                }
+
+               if ($cansubscribe && length $form->field("subscribe")) {
+                       my $subspec="comment($page)";
+                       IkiWiki::Plugin::notifyemail::subscribe(
+                               $session->param('name'), $subspec);
+               }
        }
 
        exit;
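Review bot: `my $subspec="comment($page)";` builds a pagespec by interpolating `$page` into a string, so a page name containing `)` or pagespec operators would store a subscription that matches more than the intended page. Whether `$page` has already been restricted to safe filename characters cannot be seen from this hunk; if it has, add a comment such as `# $page was validated against the wiki filename rules above, so it cannot escape comment(...)`, and if not, reject such names before calling `subscribe`. The block also runs after `redirect(...)` has been issued, so a failure inside `subscribe` would surface after the response has started; moving it ahead of the redirect branches would make any error visible to the user. Using `$session->param('name')` rather than a form value for the subscriber identity is the right choice and should stay.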