* Escape shashes in page titles entered in the blog post form.

[git.ikiwiki.info.git] / IkiWiki / CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 511358ff55046157cfd7635800153d9c19f5dbb6..83ed959c02a9d1d7d90fdc1ec8195f76f1608703 100644 (file)
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -419,6 +419,8 @@ sub cgi_editpage ($$) { #{{{
                                        push @page_locs, $dir.$page;
                                }
                        }
+                       push @page_locs, "$config{userdir}/$page"
+                               if length $config{userdir};
 
                        @page_locs = grep {
                                ! exists $pagecase{lc $_} &&
@@ -632,6 +634,7 @@ sub cgi (;$$) { #{{{
        }
        elsif ($do eq 'blog') {
                my $page=titlepage(decode_utf8($q->param('title')));
+               $page=~s/(\/)/"__".ord($1)."__"/eg; # escape slashes too
                # if the page already exists, munge it to be unique
                my $from=$q->param('from');
                my $add="";
@@ -663,6 +666,10 @@ sub userlink ($) { #{{{
                if ($display !~ /\[/) {
                        $display=~s/^(.*?)\.([^.]+\.[a-z]+)$/$1 [$2]/;
                }
+               # Convert "somehost.com/user" to "user [somehost.com]".
+               if ($display !~ /\[/) {
+                       $display=~s/^(.+)\/[^\/](.+)$/$2 [$1]/;
+               }
                $display=~s!^https?://!!; # make sure this is removed
                return "<a href=\"$user\">".escapeHTML($display)."</a>";
        }