+
+ # The session id is stored on the form and checked to
+ # guard against CSRF. But only if the user is logged in,
+ # as anonok can allow anonymous edits.
+ if (defined $session->param("name")) {
+ my $sid=$q->param('sid');
+ if (! defined $sid || $sid ne $session->id) {
+ error(gettext("Your login session has expired."));
+ }
+ }
+
+ my $exists=-e "$config{srcdir}/$file";
+
+ if ($form->field("do") ne "create" && ! $exists &&
+ ! eval { srcfile($file) }) {
+ $form->tmpl_param("page_gone", 1);
+ $form->field(name => "do", value => "create", force => 1);
+ $form->tmpl_param("page_select", 0);
+ $form->field(name => "page", type => 'hidden');
+ $form->field(name => "type", type => 'hidden');
+ $form->title(sprintf(gettext("editing %s"), $page));
+ showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
+ return;
+ }
+ elsif ($form->field("do") eq "create" && $exists) {
+ $form->tmpl_param("creation_conflict", 1);
+ $form->field(name => "do", value => "edit", force => 1);
+ $form->tmpl_param("page_select", 0);
+ $form->field(name => "page", type => 'hidden');
+ $form->field(name => "type", type => 'hidden');
+ $form->title(sprintf(gettext("editing %s"), $page));
+ $form->field("editcontent",
+ value => readfile("$config{srcdir}/$file").
+ "\n\n\n".$form->field("editcontent"),
+ force => 1);
+ showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
+ return;
+ }