]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/rename.pm
HTML-escape error messages (OVE-20160505-0012)
[git.ikiwiki.info.git] / IkiWiki / Plugin / rename.pm
index b5f37e913c58e166160f60990e91c1522955c733..6d56340b896519e921e9b6c7d8a06ffd1d56fe2a 100644 (file)
@@ -206,41 +206,45 @@ sub rename_start ($$$$) {
        exit 0;
 }
 
-sub postrename ($$;$$$) {
+sub postrename ($$$;$$) {
        my $cgi=shift;
        my $session=shift;
        my $src=shift;
        my $dest=shift;
        my $attachment=shift;
 
-       # Load saved form state and return to edit page.
-       my $postrename=CGI->new($session->param("postrename"));
-       $session->clear("postrename");
-       IkiWiki::cgi_savesession($session);
+       # Load saved form state and return to edit page, using stored old
+       # cgi state. Or, if the rename was not started on the edit page, 
+       # return to the renamed page.
+       my $postrename=$session->param("postrename");
        if (! defined $postrename) {
-               redirect($cgi, urlto(defined $dest ? $dest : $src));
+               IkiWiki::redirect($cgi, urlto(defined $dest ? $dest : $src));
+               exit;
        }
+       my $oldcgi=CGI->new($postrename);
+       $session->clear("postrename");
+       IkiWiki::cgi_savesession($session);
 
        if (defined $dest) {
                if (! $attachment) {
                        # They renamed the page they were editing. This requires
                        # fixups to the edit form state.
                        # Tweak the edit form to be editing the new page.
-                       $postrename->param("page", $dest);
+                       $oldcgi->param("page", $dest);
                }
 
                # Update edit form content to fix any links present
                # on it.
-               $postrename->param("editcontent",
+               $oldcgi->param("editcontent",
                        renamepage_hook($dest, $src, $dest,
-                                $postrename->param("editcontent")));
+                               scalar $oldcgi->param("editcontent")));
 
                # Get a new edit token; old was likely invalidated.
-               $postrename->param("rcsinfo",
+               $oldcgi->param("rcsinfo",
                        IkiWiki::rcs_prepedit($pagesources{$dest}));
        }
 
-       IkiWiki::cgi_editpage($postrename, $session);
+       IkiWiki::cgi_editpage($oldcgi, $session);
 }
 
 sub formbuilder (@) {
@@ -293,7 +297,7 @@ sub sessioncgi ($$) {
 
        if ($q->param("do") eq 'rename') {
                my $session=shift;
-               my ($form, $buttons)=rename_form($q, $session, Encode::decode_utf8($q->param("page")));
+               my ($form, $buttons)=rename_form($q, $session, Encode::decode_utf8(scalar $q->param("page")));
                IkiWiki::decode_form_utf8($form);
                my $src=$form->field("page");
 
@@ -301,7 +305,7 @@ sub sessioncgi ($$) {
                        postrename($q, $session, $src);
                }
                elsif ($form->submitted eq 'Rename' && $form->validate) {
-                       IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+                       IkiWiki::checksessionexpiry($q, $session);
 
                        # These untaints are safe because of the checks
                        # performed in check_canrename later.
@@ -328,7 +332,7 @@ sub sessioncgi ($$) {
                                IkiWiki::Plugin::attachment::is_held_attachment($src);
                        if ($held) {
                                rename($held, IkiWiki::Plugin::attachment::attachment_holding_location($dest));
-                               postrename($q, $session, $src, $dest, $q->param("attachment"))
+                               postrename($q, $session, $src, $dest, scalar $q->param("attachment"))
                                        unless defined $srcfile;
                        }
                        
@@ -434,7 +438,7 @@ sub sessioncgi ($$) {
                                $renamesummary.=$template->output;
                        }
 
-                       postrename($q, $session, $src, $dest, $q->param("attachment"));
+                       postrename($q, $session, $src, $dest, scalar $q->param("attachment"));
                }
                else {
                        IkiWiki::showform($form, $buttons, $session, $q);