X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/3789b385b210bd8fdfa755a0ca435c11fa53290e..796f5749859a1fa48ad068b5f2ab9889e0ae88e8:/IkiWiki.pm

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 1eda16da1..90cb96e58 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1232,6 +1232,19 @@ sub cgiurl_abs (@) {
 	URI->new_abs(cgiurl(@_), $config{cgiurl});
 }
 
+# Same as cgiurl_abs, but when the user connected using https,
+# will be a https url even if the cgiurl is normally a http url.
+#
+# This should be used for anything involving emailing a login link,
+# because a https session cookie will not be sent over http.
+sub cgiurl_abs_samescheme (@) {
+	my $u=cgiurl_abs(@_);
+	if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) {
+		$u=~s/^http:/https:/i;
+	}
+	return $u
+}
+
 sub baseurl (;$) {
 	my $page=shift;
 
@@ -1654,7 +1667,10 @@ sub preprocess ($$$;$$) {
 					my $error=$@;
 					chomp $error;
 					eval q{use HTML::Entities};
-					$error = encode_entities($error);
+					# Also encode most ASCII punctuation
+					# as entities so that error messages
+					# are not interpreted as Markdown etc.
+					$error = encode_entities($error, '^-A-Za-z0-9+_,./:;= '."'");
 				 	$ret="[[!$command <span class=\"error\">".
 						gettext("Error").": $error"."</span>]]";
 				}