X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/cfb2c22906f41d4a4dd1c3404e8e430a35c1cd41..1b4571acd57294e4048e0dc61b1146cf4310913e:/IkiWiki/Plugin/passwordauth.pm

diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 7c01bb3ff..33b8efbed 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -231,7 +231,7 @@ sub formbuilder_setup (@) {
 				$form->field(
 					name => "password",
 					validate => sub {
-						checkpassword($form->field("name"), shift);
+						checkpassword(scalar $form->field("name"), shift);
 					},
 				);
 			}
@@ -251,6 +251,12 @@ sub formbuilder_setup (@) {
 						my $name=shift;
 						length $name &&
 						$name=~/$config{wiki_file_regexp}/ &&
+						# don't allow registering
+						# accounts that look like
+						# openids, or email
+						# addresses, even if the
+						# file regexp allows it
+						$name!~/[\/:\@]/ &&
 						! IkiWiki::userinfo_get($name, "regdate");
 					},
 				);
@@ -299,7 +305,7 @@ sub formbuilder_setup (@) {
 						noimageinline => 1));
 			}
 			else {
-				$form->text("<a href=\"".
+				$form->text("<a rel=\"nofollow\" href=\"".
 					IkiWiki::cgiurl(do => "edit", page => $userpage).
 					"\">".gettext("Create your user page")."</a>");
 			}
@@ -319,16 +325,20 @@ sub formbuilder (@) {
 
 	if ($form->title eq "signin" || $form->title eq "register") {
 		if (($form->submitted && $form->validate) || $do_register) {
+			my $user_name = $form->field('name');
+
 			if ($form->submitted eq 'Login') {
-				$session->param("name", $form->field("name"));
+				$session->param("name", $user_name);
 				IkiWiki::cgi_postsignin($cgi, $session);
 			}
 			elsif ($form->submitted eq 'Create Account') {
-				my $user_name=$form->field('name');
+				my $email = $form->field('email');
+				my $password = $form->field('password');
+
 				if (IkiWiki::userinfo_setall($user_name, {
-				    	'email' => $form->field('email'),
+					'email' => $email,
 					'regdate' => time})) {
-					setpassword($user_name, $form->field('password'));
+					setpassword($user_name, $password);
 					$form->field(name => "confirm_password", type => "hidden");
 					$form->field(name => "email", type => "hidden");
 					$form->text(gettext("Account creation successful. Now you can Login."));
@@ -338,7 +348,6 @@ sub formbuilder (@) {
 				}
 			}
 			elsif ($form->submitted eq 'Reset Password') {
-				my $user_name=$form->field("name");
 				my $email=IkiWiki::userinfo_get($user_name, "email");
 				if (! length $email) {
 					error(gettext("No email address, so cannot email password reset instructions."));
@@ -388,8 +397,9 @@ sub formbuilder (@) {
 	elsif ($form->title eq "preferences") {
 		if ($form->submitted eq "Save Preferences" && $form->validate) {
 			my $user_name=$form->field('name');
-			if (defined $form->field("password") && length $form->field("password")) {
-				setpassword($user_name, $form->field('password'));
+			my $password=$form->field('password');
+			if (defined $password && length $password) {
+				setpassword($user_name, $password);
 			}
 		}
 	}