X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/3789b385b210bd8fdfa755a0ca435c11fa53290e..4293e5bd6b726db8255028d50352b563511f2c16:/IkiWiki.pm

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 1eda16da1..7a38c8f89 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1232,6 +1232,19 @@ sub cgiurl_abs (@) {
 	URI->new_abs(cgiurl(@_), $config{cgiurl});
 }
 
+# Same as cgiurl_abs, but when the user connected using https,
+# will be a https url even if the cgiurl is normally a http url.
+#
+# This should be used for anything involving emailing a login link,
+# because a https session cookie will not be sent over http.
+sub cgiurl_abs_samescheme (@) {
+	my $u=cgiurl_abs(@_);
+	if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) {
+		$u=~s/^http:/https:/i;
+	}
+	return $u
+}
+
 sub baseurl (;$) {
 	my $page=shift;
 
@@ -1655,6 +1668,10 @@ sub preprocess ($$$;$$) {
 					chomp $error;
 					eval q{use HTML::Entities};
 					$error = encode_entities($error);
+					# Also encode most ASCII punctuation
+					# as entities so that error messages
+					# are not interpreted as Markdown etc.
+					$error = encode_entities($error, '[](){}!#$%*?@^`|~'."\\");
 				 	$ret="[[!$command <span class=\"error\">".
 						gettext("Error").": $error"."</span>]]";
 				}