X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/b5656f595db27fd8e6b916954ebf39a569fcb96c..20fd32fcf3bfa8653fb876117970ebd07cc1bb35:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index fb4fd4475..67bce6795 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -38,6 +38,7 @@ sub cgi_recentchanges ($) { #{{{
 		indexlink => indexlink(),
 		wikiname => $config{wikiname},
 		changelog => [rcs_recentchanges(100)],
+		styleurl => styleurl(),
 	);
 	print $q->header, $template->output;
 } #}}}
@@ -64,7 +65,8 @@ sub cgi_signin ($$) { #{{{
 		action => $q->request_uri,
 		header => 0,
 		template => (-e "$config{templatedir}/signin.tmpl" ?
-		              "$config{templatedir}/signin.tmpl" : "")
+		              "$config{templatedir}/signin.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	
 	$form->field(name => "name", required => 0);
@@ -144,12 +146,13 @@ sub cgi_signin ($$) { #{{{
 			$session->param("name", $form->field("name"));
 			if (defined $form->field("do") && 
 			    $form->field("do") ne 'signin') {
-				print $q->redirect(
-					"$config{cgiurl}?do=".$form->field("do").
-					"&page=".$form->field("page").
-					"&title=".$form->field("title").
-					"&subpage=".$form->field("subpage").
-					"&from=".$form->field("from"));;
+				print $q->redirect(cgiurl(
+					do => $form->field("do"),
+					page => $form->field("page"),
+					title => $form->field("title"),
+					subpage => $form->field("subpage"),
+					from => $form->field("from"),
+				));
 			}
 			else {
 				print $q->redirect($config{url});
@@ -227,7 +230,8 @@ sub cgi_prefs ($$) { #{{{
 		params => $q,
 		action => $q->request_uri,
 		template => (-e "$config{templatedir}/prefs.tmpl" ?
-		              "$config{templatedir}/prefs.tmpl" : "")
+		              "$config{templatedir}/prefs.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	my @buttons=("Save Preferences", "Logout", "Cancel");
 	
@@ -294,8 +298,10 @@ sub cgi_editpage ($$) { #{{{
 	);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-	if (! defined $page || ! length $page || $page ne $q->param('page') ||
+	# This untaint is safe because titlepage removes any problimatic
+	# characters.
+	my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+	if (! defined $page || ! length $page ||
 	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
 		error("bad page name");
 	}
@@ -320,6 +326,7 @@ sub cgi_editpage ($$) { #{{{
 	$form->tmpl_param("indexlink", indexlink());
 	$form->tmpl_param("helponformattinglink",
 		htmllink("", "HelpOnFormatting", 1));
+	$form->tmpl_param("styleurl", styleurl());
 	if (! $form->submitted) {
 		$form->field(name => "rcsinfo", value => rcs_prepedit($file),
 			force => 1);
@@ -364,7 +371,7 @@ sub cgi_editpage ($$) { #{{{
 				my $dir=$from."/";
 				$dir=~s![^/]+/$!!;
 				
-				if (length $form->param('subpage') ||
+				if ((defined $form->param('subpage') && length $form->param('subpage')) ||
 				    $page eq 'discussion') {
 					$best_loc="$from/$page";
 				}
@@ -511,12 +518,8 @@ sub cgi () { #{{{
 		cgi_prefs($q, $session);
 	}
 	elsif ($do eq 'blog') {
-		# munge page name to be valid, no matter what freeform text
-		# is entered
-		my $page=lc($q->param('title'));
-		$page=~y/ /_/;
-		$page=~s/([^-A-Za-z0-9_:+\/])/"__".ord($1)."__"/eg;
-		# if the page already exist, munge it to be unique
+		my $page=titlepage(lc($q->param('title')));
+		# if the page already exists, munge it to be unique
 		my $from=$q->param('from');
 		my $add="";
 		while (exists $oldpagemtime{"$from/$page$add"}) {