]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki.pm
img: restrict to JPEG, PNG and GIF images by default
[git.ikiwiki.info.git] / IkiWiki.pm
index d5d11ee857c02b1520fc6a971032cc592df78d23..b55078af0772cbc52150392a8e13e8aa8b5158da 100644 (file)
@@ -108,6 +108,14 @@ sub getsetup () {
                safe => 1,
                rebuild => 1,
        },
                safe => 1,
                rebuild => 1,
        },
+       reverse_proxy => {
+               type => "boolean",
+               default => 0,
+               description => "do not adjust cgiurl if CGI is accessed via different URL",
+               advanced => 0,
+               safe => 1,
+               rebuild => 0, # only affects CGI requests
+       },
        cgi_wrapper => {
                type => "string",
                default => '',
        cgi_wrapper => {
                type => "string",
                default => '',
@@ -535,7 +543,7 @@ sub getsetup () {
        },
        useragent => {
                type => "string",
        },
        useragent => {
                type => "string",
-               default => undef,
+               default => "ikiwiki/$version",
                example => "Wget/1.13.4 (linux-gnu)",
                description => "set custom user agent string for outbound HTTP requests e.g. when fetching aggregated RSS feeds",
                safe => 0,
                example => "Wget/1.13.4 (linux-gnu)",
                description => "set custom user agent string for outbound HTTP requests e.g. when fetching aggregated RSS feeds",
                safe => 0,
@@ -613,12 +621,39 @@ sub checkconfig () {
 
                        $local_cgiurl = $cgiurl->path;
 
 
                        $local_cgiurl = $cgiurl->path;
 
-                       if ($cgiurl->scheme ne $baseurl->scheme or
-                               $cgiurl->authority ne $baseurl->authority) {
+                       if ($cgiurl->scheme eq 'https' &&
+                               $baseurl->scheme eq 'http') {
+                               # We assume that the same content is available
+                               # over both http and https, because if it
+                               # wasn't, accessing the static content
+                               # from the CGI would be mixed-content,
+                               # which would be a security flaw.
+
+                               if ($cgiurl->authority ne $baseurl->authority) {
+                                       # use protocol-relative URL for
+                                       # static content
+                                       $local_url = "$config{url}/";
+                                       $local_url =~ s{^http://}{//};
+                               }
+                               # else use host-relative URL for static content
+
+                               # either way, CGI needs to be absolute
+                               $local_cgiurl = $config{cgiurl};
+                       }
+                       elsif ($cgiurl->scheme ne $baseurl->scheme) {
                                # too far apart, fall back to absolute URLs
                                $local_url = "$config{url}/";
                                $local_cgiurl = $config{cgiurl};
                        }
                                # too far apart, fall back to absolute URLs
                                $local_url = "$config{url}/";
                                $local_cgiurl = $config{cgiurl};
                        }
+                       elsif ($cgiurl->authority ne $baseurl->authority) {
+                               # slightly too far apart, fall back to
+                               # protocol-relative URLs
+                               $local_url = "$config{url}/";
+                               $local_url =~ s{^https?://}{//};
+                               $local_cgiurl = $config{cgiurl};
+                               $local_cgiurl =~ s{^https?://}{//};
+                       }
+                       # else keep host-relative URLs
                }
 
                $local_url =~ s{//$}{/};
                }
 
                $local_url =~ s{//$}{/};
@@ -1535,6 +1570,8 @@ sub preprocess ($$$;$$) {
                                if ($@) {
                                        my $error=$@;
                                        chomp $error;
                                if ($@) {
                                        my $error=$@;
                                        chomp $error;
+                                       eval q{use HTML::Entities};
+                                       $error = encode_entities($error);
                                        $ret="[[!$command <span class=\"error\">".
                                                gettext("Error").": $error"."</span>]]";
                                }
                                        $ret="[[!$command <span class=\"error\">".
                                                gettext("Error").": $error"."</span>]]";
                                }