]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/poll.pm
Do not allow the about: URI scheme
[git.ikiwiki.info.git] / IkiWiki / Plugin / poll.pm
index 56034b60ad766654c599849c16c965e93f7162d8..41ebd74a00763f2bff17e952c2d72047061d7216 100644 (file)
@@ -3,11 +3,11 @@ package IkiWiki::Plugin::poll;
 
 use warnings;
 use strict;
-use IkiWiki;
+use IkiWiki 2.00;
 
 sub import { #{{{
        hook(type => "preprocess", id => "poll", call => \&preprocess);
-       hook(type => "cgi", id => "poll", call => \&cgi);
+       hook(type => "sessioncgi", id => "poll", call => \&sessioncgi);
 } # }}}
 
 sub yesno ($) { #{{{
@@ -45,7 +45,8 @@ sub preprocess (@) { #{{{
        my $ret="";
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
-                       $ret.="<form action=\"$config{cgiurl}\">\n";
+                       # use POST to avoid robots
+                       $ret.="<form method=\"POST\" action=\"$config{cgiurl}\">\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
@@ -60,7 +61,7 @@ sub preprocess (@) { #{{{
                        $ret.="<input type=\"hidden\" name=\"num\" value=\"$pagenum{$params{page}}\" />\n";
                        $ret.="<input type=\"hidden\" name=\"page\" value=\"$params{page}\" />\n";
                        $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
-                       $ret.="<input type=\"submit\" value=\"vote\" />\n";
+                       $ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
                }
                $ret.="</p>\n<hr class=poll align=left width=\"$percent%\"/>\n";
                if ($open && exists $config{cgiurl}) {
@@ -68,13 +69,14 @@ sub preprocess (@) { #{{{
                }
        }
        if ($showtotal) {
-               $ret.="<span>Total votes: $total</span>\n";
+               $ret.="<span>".gettext("Total votes:")." $total</span>\n";
        }
        return "<div class=poll>$ret</div>";
 } # }}}
 
-sub cgi ($) { #{{{
+sub sessioncgi ($$) { #{{{
        my $cgi=shift;
+       my $session=shift;
        if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
                my $choice=$cgi->param('choice');
                if (! defined $choice) {
@@ -91,7 +93,6 @@ sub cgi ($) { #{{{
 
                # Did they vote before? If so, let them change their vote,
                # and check for dups.
-               my $session=IkiWiki::cgi_getsession();
                my $choice_param="poll_choice_${page}_$num";
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
@@ -124,17 +125,17 @@ sub cgi ($) { #{{{
                IkiWiki::cgi_savesession($session);
                $oldchoice=$session->param($choice_param);
                if ($config{rcs}) {
-                       # prevent deadlock with post-commit hook
-                       IkiWiki::unlockwiki();
-                       IkiWiki::rcs_commit($pagesources{$page}, "poll vote",
+                       IkiWiki::disable_commit_hook();
+                       IkiWiki::rcs_commit($pagesources{$page}, "poll vote ($choice)",
                                IkiWiki::rcs_prepedit($pagesources{$page}),
                                $session->param("name"), $ENV{REMOTE_ADDR});
+                       IkiWiki::enable_commit_hook();
+                       IkiWiki::rcs_update();
                }
-               else {
-                       require IkiWiki::Render;
-                       IkiWiki::refresh();
-                       IkiWiki::saveindex();
-               }
+               require IkiWiki::Render;
+               IkiWiki::refresh();
+               IkiWiki::saveindex();
+
                # Need to set cookie in same http response that does the
                # redir.
                eval q{use CGI::Cookie};