- # The session id is stored on the form and checked to
- # guard against CSRF. But only if the user is logged in,
- # as anonok can allow anonymous edits.
- if (defined $session->param("name")) {
- my $sid=$q->param('sid');
- if (! defined $sid || $sid ne $session->id) {
- error(gettext("Your login session has expired."));
- }
- }
-
- my $exists=-e "$config{srcdir}/$file";
-
- if ($form->field("do") ne "create" && ! $exists &&
- ! defined srcfile($file, 1)) {
- $form->tmpl_param("page_gone", 1);
- $form->field(name => "do", value => "create", force => 1);
- $form->tmpl_param("page_select", 0);
- $form->field(name => "page", type => 'hidden');
- $form->field(name => "type", type => 'hidden');
- $form->title(sprintf(gettext("editing %s"), $page));
- showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
- return;
- }
- elsif ($form->field("do") eq "create" && $exists) {
- $form->tmpl_param("creation_conflict", 1);
- $form->field(name => "do", value => "edit", force => 1);
- $form->tmpl_param("page_select", 0);
- $form->field(name => "page", type => 'hidden');
- $form->field(name => "type", type => 'hidden');
- $form->title(sprintf(gettext("editing %s"), $page));
- $form->field("editcontent",
- value => readfile("$config{srcdir}/$file").
- "\n\n\n".$form->field("editcontent"),
- force => 1);
- showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
- return;
- }
-
- my $content=$form->field('editcontent');
- run_hooks(editcontent => sub {
- $content=shift->(
- content => $content,
- page => $page,
- cgi => $q,
- session => $session,
- );
- });
- $content=~s/\r\n/\n/g;
- $content=~s/\r/\n/g;
- $content.="\n" if $content !~ /\n$/;
-
- $config{cgi}=0; # avoid cgi error message
- eval { writefile($file, $config{srcdir}, $content) };
- $config{cgi}=1;
- if ($@) {
- $form->field(name => "rcsinfo", value => rcs_prepedit($file),
- force => 1);
- $form->tmpl_param("failed_save", 1);
- $form->tmpl_param("error_message", $@);
- $form->field("editcontent", value => $content, force => 1);
- $form->tmpl_param("page_select", 0);
- $form->field(name => "page", type => 'hidden');
- $form->field(name => "type", type => 'hidden');
- $form->title(sprintf(gettext("editing %s"), $page));
- showform($form, \@buttons, $session, $q,
- forcebaseurl => $baseurl);
- return;
- }
-
- my $conflict;
- if ($config{rcs}) {
- my $message="";
- if (defined $form->field('comments') &&
- length $form->field('comments')) {
- $message=$form->field('comments');
- }
-
- if (! $exists) {
- rcs_add($file);
- }