X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/49524c429e8dec4e18a81dfcfbbc93cbd1da32c3..0a95ac2144de8552eeebabd6467bf25969352240:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index b540a7b37..7c12bee5b 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -28,6 +28,8 @@ sub page_locked ($$;$) { #{{{
 sub cgi_recentchanges ($) { #{{{
 	my $q=shift;
 	
+	unlockwiki();
+
 	my $template=HTML::Template->new(
 		filename => "$config{templatedir}/recentchanges.tmpl"
 	);
@@ -47,7 +49,7 @@ sub cgi_signin ($$) { #{{{
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do page from name password confirm_password email)],
+		fields => [qw(do title page subpage from name password confirm_password email)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -68,7 +70,9 @@ sub cgi_signin ($$) { #{{{
 	$form->field(name => "name", required => 0);
 	$form->field(name => "do", type => "hidden");
 	$form->field(name => "page", type => "hidden");
+	$form->field(name => "title", type => "hidden");
 	$form->field(name => "from", type => "hidden");
+	$form->field(name => "subpage", type => "hidden");
 	$form->field(name => "password", type => "password", required => 0);
 	$form->field(name => "confirm_password", type => "password", required => 0);
 	$form->field(name => "email", required => 0);
@@ -143,6 +147,8 @@ sub cgi_signin ($$) { #{{{
 				print $q->redirect(
 					"$config{cgiurl}?do=".$form->field("do").
 					"&page=".$form->field("page").
+					"&title=".$form->field("title").
+					"&subpage=".$form->field("subpage").
 					"&from=".$form->field("from"));;
 			}
 			else {
@@ -273,7 +279,7 @@ sub cgi_editpage ($$) { #{{{
 
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
-		fields => [qw(do rcsinfo from page content comments)],
+		fields => [qw(do rcsinfo subpage from page content comments)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -288,8 +294,10 @@ sub cgi_editpage ($$) { #{{{
 	);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-	if (! defined $page || ! length $page || $page ne $q->param('page') ||
+	# This untaint is safe because titlepage removes any problimatic
+	# characters.
+	my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+	if (! defined $page || ! length $page ||
 	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
 		error("bad page name");
 	}
@@ -305,6 +313,7 @@ sub cgi_editpage ($$) { #{{{
 	$form->field(name => "do", type => 'hidden');
 	$form->field(name => "from", type => 'hidden');
 	$form->field(name => "rcsinfo", type => 'hidden');
+	$form->field(name => "subpage", type => 'hidden');
 	$form->field(name => "page", value => "$page", force => 1);
 	$form->field(name => "comments", type => "text", size => 80);
 	$form->field(name => "content", type => "textarea", rows => 20,
@@ -348,14 +357,17 @@ sub cgi_editpage ($$) { #{{{
 			my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
 			if (! defined $from || ! length $from ||
 			    $from ne $form->param('from') ||
-			    $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) {
+			    $from=~/$config{wiki_file_prune_regexp}/ ||
+			    $from=~/^\// ||
+			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
 			}
 			else {
 				my $dir=$from."/";
 				$dir=~s![^/]+/$!!;
 				
-				if ($page eq 'discussion') {
+				if ((defined $form->param('subpage') && length $form->param('subpage')) ||
+				    $page eq 'discussion') {
 					$best_loc="$from/$page";
 				}
 				else {
@@ -378,7 +390,7 @@ sub cgi_editpage ($$) { #{{{
 			$form->tmpl_param("page_select", 1);
 			$form->field(name => "page", type => 'select',
 				options => \@page_locs, value => $best_loc);
-			$form->title("creating $page");
+			$form->title("creating ".pagetitle($page));
 		}
 		elsif ($form->field("do") eq "edit") {
 			page_locked($page, $session);
@@ -394,7 +406,7 @@ sub cgi_editpage ($$) { #{{{
 			}
 			$form->tmpl_param("page_select", 0);
 			$form->field(name => "page", type => 'hidden');
-			$form->title("editing $page");
+			$form->title("editing ".pagetitle($page));
 		}
 		
 		print $form->render(submit => \@buttons);
@@ -472,26 +484,9 @@ sub cgi () { #{{{
 		cgi_recentchanges($q);
 		return;
 	}
-	elsif ($do eq 'blog') {
-		# munge page name to be valid, no matter what freeform text
-		# is entered
-		my $page=$q->param('title');
-		$page=~y/ /_/;
-		$page=~s/([^-A-Za-z0-9_.:+])/"__".ord($1)."__"/eg;
-		# if the page already exist, munge it to be unique
-		my $from=$q->param('from');
-		my $add="";
-		while (exists $pagectime{"$from/$page$add"}) {
-			$add=1 unless length $add;
-			$add++;
-		}
-		$q->param('page', $page.$add);
-		$q->param('do', 'create');
-		# now it behaves same as create does
-	}
 	
-	CGI::Session->name("ikiwiki_session");
-
+	CGI::Session->name("ikiwiki_session_$config{wikiname}");
+	
 	my $oldmask=umask(077);
 	my $session = CGI::Session->new("driver:db_file", $q,
 		{ FileName => "$config{wikistatedir}/sessions.db" });
@@ -517,6 +512,20 @@ sub cgi () { #{{{
 	elsif ($do eq 'prefs') {
 		cgi_prefs($q, $session);
 	}
+	elsif ($do eq 'blog') {
+		my $page=titlepage(lc($q->param('title')));
+		# if the page already exists, munge it to be unique
+		my $from=$q->param('from');
+		my $add="";
+		while (exists $oldpagemtime{"$from/$page$add"}) {
+			$add=1 unless length $add;
+			$add++;
+		}
+		$q->param('page', $page.$add);
+		# now run same as create
+		$q->param('do', 'create');
+		cgi_editpage($q, $session);
+	}
 	else {
 		error("unknown do parameter");
 	}