]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/poll.pm
passwordauth: avoid userinfo forgery via repeated email parameter
[git.ikiwiki.info.git] / IkiWiki / Plugin / poll.pm
index b333e2cdcff485edd81f4df426e1865c261a1199..2773486a6c69560fdd0a2236607b800dc88b15e6 100644 (file)
@@ -52,7 +52,7 @@ sub preprocess (@) {
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
                        # use POST to avoid robots
        foreach my $choice (@choices) {
                if ($open && exists $config{cgiurl}) {
                        # use POST to avoid robots
-                       $ret.="<form method=\"POST\" action=\"$config{cgiurl}\">\n";
+                       $ret.="<form method=\"POST\" action=\"".IkiWiki::cgiurl()."\">\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
                }
                my $percent=$total > 0 ? int($choices{$choice} / $total * 100) : 0;
                $ret.="<p>\n";
@@ -103,7 +103,7 @@ sub sessioncgi ($$) {
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
                        # Same vote; no-op.
                my $oldchoice=$session->param($choice_param);
                if (defined $oldchoice && $oldchoice eq $choice) {
                        # Same vote; no-op.
-                       IkiWiki::redirect($cgi, urlto($page, undef, 1));
+                       IkiWiki::redirect($cgi, urlto($page));
                        exit;
                }
 
                        exit;
                }
 
@@ -153,7 +153,7 @@ sub sessioncgi ($$) {
                error($@) if $@;
                my $cookie = CGI::Cookie->new(-name=> $session->name, -value=> $session->id);
                print $cgi->redirect(-cookie => $cookie,
                error($@) if $@;
                my $cookie = CGI::Cookie->new(-name=> $session->name, -value=> $session->id);
                print $cgi->redirect(-cookie => $cookie,
-                       -url => urlto($page, undef, 1));
+                       -url => urlto($page));
                exit;
        }
 }
                exit;
        }
 }