indexlink => indexlink(),
wikiname => $config{wikiname},
changelog => [rcs_recentchanges(100)],
+ styleurl => styleurl(),
);
print $q->header, $template->output;
} #}}}
action => $q->request_uri,
header => 0,
template => (-e "$config{templatedir}/signin.tmpl" ?
- "$config{templatedir}/signin.tmpl" : "")
+ "$config{templatedir}/signin.tmpl" : ""),
+ stylesheet => styleurl(),
);
$form->field(name => "name", required => 0);
$session->param("name", $form->field("name"));
if (defined $form->field("do") &&
$form->field("do") ne 'signin') {
- print $q->redirect(
- "$config{cgiurl}?do=".$form->field("do").
- "&page=".$form->field("page").
- "&title=".$form->field("title").
- "&subpage=".$form->field("subpage").
- "&from=".$form->field("from"));;
+ print $q->redirect(cgiurl(
+ do => $form->field("do"),
+ page => $form->field("page"),
+ title => $form->field("title"),
+ subpage => $form->field("subpage"),
+ from => $form->field("from"),
+ ));
}
else {
print $q->redirect($config{url});
params => $q,
action => $q->request_uri,
template => (-e "$config{templatedir}/prefs.tmpl" ?
- "$config{templatedir}/prefs.tmpl" : "")
+ "$config{templatedir}/prefs.tmpl" : ""),
+ stylesheet => styleurl(),
);
my @buttons=("Save Preferences", "Logout", "Cancel");
);
my @buttons=("Save Page", "Preview", "Cancel");
- my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
- if (! defined $page || ! length $page || $page ne $q->param('page') ||
+ # This untaint is safe because titlepage removes any problimatic
+ # characters.
+ my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+ if (! defined $page || ! length $page ||
$page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
error("bad page name");
}
$form->tmpl_param("indexlink", indexlink());
$form->tmpl_param("helponformattinglink",
htmllink("", "HelpOnFormatting", 1));
+ $form->tmpl_param("styleurl", styleurl());
if (! $form->submitted) {
$form->field(name => "rcsinfo", value => rcs_prepedit($file),
force => 1);
my $dir=$from."/";
$dir=~s![^/]+/$!!;
- if (length $form->param('subpage') ||
+ if ((defined $form->param('subpage') && length $form->param('subpage')) ||
$page eq 'discussion') {
$best_loc="$from/$page";
}
return;
}
- CGI::Session->name("ikiwiki_session");
-
+ CGI::Session->name("ikiwiki_session_$config{wikiname}");
+
my $oldmask=umask(077);
my $session = CGI::Session->new("driver:db_file", $q,
{ FileName => "$config{wikistatedir}/sessions.db" });
cgi_prefs($q, $session);
}
elsif ($do eq 'blog') {
- # munge page name to be valid, no matter what freeform text
- # is entered
- my $page=lc($q->param('title'));
- $page=~y/ /_/;
- $page=~s/([^-A-Za-z0-9_:+\/])/"__".ord($1)."__"/eg;
- # if the page already exist, munge it to be unique
+ my $page=titlepage(lc($q->param('title')));
+ # if the page already exists, munge it to be unique
my $from=$q->param('from');
my $add="";
while (exists $oldpagemtime{"$from/$page$add"}) {