X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/25c35b6e90c984540b1f5e6ea9755ce1e3e36d13..53453ebdb2c6624abcbb56a2f9605fffcd326c77:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 97ca6714f..6f5d8aee6 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -14,9 +14,10 @@ sub printheader ($) { #{{{
 	
 	if ($config{sslcookie}) {
 		print $session->header(-charset => 'utf-8',
-			-cookie => $session->cookie(-secure => 1));
+			-cookie => $session->cookie(-httponly => 1, -secure => 1));
 	} else {
-		print $session->header(-charset => 'utf-8');
+		print $session->header(-charset => 'utf-8',
+			-cookie => $session->cookie(-httponly => 1));
 	}
 } #}}}
 
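Review bot: HttpOnly on the session cookie is undercut by the hidden `sid` field that cgi_prefs still fills with `$session->id` (context lines of the next hunk), because any script running in the page can read the id from the form even though it can no longer read the cookie. Consider a separate anti-CSRF token derived from the session instead of the raw id. In printheader itself the two branches now repeat the flag; building the options once, `my @opts=(-httponly => 1); push @opts, -secure => 1 if $config{sslcookie};`, and passing a single `-cookie => $session->cookie(@opts)` would keep a later edit from dropping HttpOnly on one path. It is also worth confirming that the minimum supported CGI.pm recognises `-httponly`, since an older CGI::Cookie would presumably discard the option without any error. The start of printheader is outside the hunk.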
@@ -226,12 +227,11 @@ sub cgi_prefs ($$) { #{{{
 	$form->field(name => "sid", type => "hidden", value => $session->id,
 		force => 1);
 	$form->field(name => "email", size => 50, fieldset => "preferences");
-	$form->field(name => "banned_users", size => 50,
-		fieldset => "admin");
 	
 	my $user_name=$session->param("name");
 
 	# XXX deprecated, should be removed eventually
+	$form->field(name => "banned_users", size => 50, fieldset => "admin");
 	if (! is_admin($user_name)) {
 		$form->field(name => "banned_users", type => "hidden");
 	}
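Review bot: Switching `banned_users` to `type => "hidden"` for non-admins only changes how the field is rendered; it is not an authorization check, and after this change the field is always defined before the `is_admin` test. The code that saves the form is outside this hunk, so confirm that it re-checks `is_admin($user_name)` before applying a submitted `banned_users` value. I would also add a comment above the block, `# Rendering only: the save path must re-check is_admin() before using banned_users.`, so the deprecated field is not mistaken for an access control.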
@@ -776,7 +776,7 @@ sub cgi (;$$) { #{{{
 	}
 } #}}}
 
-# Does not need tobe called directly; all errors will go through here.
+# Does not need to be called directly; all errors will go through here.
 sub cgierror ($) { #{{{
 	my $message=shift;