run_hooks(pagetemplate => sub {
shift->(page => "", destpage => "", template => $template);
});
+ templateactions($template, "");
$template->param(
dynamic => 1,
- have_actions => 0, # force off
title => $title,
wikiname => $config{wikiname},
content => $content,
html5 => $config{html5},
@_,
);
-
+
return $template->output;
}
+sub templateactions ($$) {
+ my $template=shift;
+ my $page=shift;
+
+ my $have_actions=0;
+ my @actions;
+ run_hooks(pageactions => sub {
+ push @actions, map { { action => $_ } }
+ grep { defined } shift->(page => $page);
+ });
+ $template->param(actions => \@actions);
+
+ if ($config{cgiurl} && exists $hooks{auth}) {
+ $template->param(prefsurl => cgiurl(do => "prefs"));
+ $have_actions=1;
+ }
+
+ if ($have_actions || @actions) {
+ $template->param(have_actions => 1);
+ }
+}
+
sub hook (@) {
my %param=@_;
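Review bot: In misctemplate, `templateactions($template, "")` runs before the `$template->param(...)` call that applies the caller's `@_`, so a caller that blanks `prefsurl` (as the showform call in the CGI hunk does with `prefsurl => ""`) still leaves `have_actions` at 1 whenever `$config{cgiurl}` and an auth hook are present. Assuming showform forwards those pairs here, the template would then open its HAVE_ACTIONS block with nothing to show in it, unless a pageactions hook contributed an entry. The new sub also has no header comment; I would add `# Sets actions, prefsurl and have_actions on $template; a caller that overrides prefsurl must reset have_actions itself.` above `sub templateactions`, or have such callers pass `have_actions => 0` as well.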
$form->text(gettext("Preferences saved."));
}
- showform($form, $buttons, $session, $q);
+ showform($form, $buttons, $session, $q,
+ prefsurl => "", # avoid showing the preferences link
+ );
}
sub cgi_custom_failure ($$$) {
}
}
-# Enable the recentchanges link on wiki pages.
+# Enable the recentchanges link.
sub pagetemplate (@) {
my %params=@_;
my $template=$params{template};
my $page=$params{page};
if (defined $config{recentchangespage} && $config{rcs} &&
- $page ne $config{recentchangespage} &&
- $template->query(name => "recentchangesurl")) {
+ $template->query(name => "recentchangesurl") &&
+ $page ne $config{recentchangespage}) {
$template->param(recentchangesurl => urlto($config{recentchangespage}, $page));
$template->param(have_actions => 1);
}
fields => [qw{do page}],
);
+ $f->field(name => "sid", type => "hidden", value => $session->id,
+ force => 1);
$f->field(name => "do", type => "hidden", value => "remove", force => 1);
return $f, ["Remove", "Cancel"];
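Review bot: The hidden `sid` field added here is filled with `$session->id`, so the anti-XSRF token is the raw session identifier written into the page markup; the rename hunk adds the same field. That is only safe while the form is never submitted by GET, cached, or logged with its body, and the form's method and the response's cache headers are set outside this hunk, so this is worth confirming. A token derived from the session, rather than the id itself, would limit what a leaked form discloses. At minimum I would add a comment above the field: `# sid is the anti-XSRF token checked on submit; it is the raw session id, so this form must be POST-only and uncached.`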
postremove($session);
}
elsif ($form->submitted eq 'Remove' && $form->validate) {
+ IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
my @pages=$form->field("page");
# Validate removal by checking that the page exists,
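Review bot: `$q->param('sid')` in the added check is evaluated in list context, because it sits in a sub's argument list, unless checksessionexpiry (defined outside this hunk) carries a prototype that forces its third argument to a scalar. Assuming `$q` is a CGI.pm object, a request with no `sid` then contributes no argument at all, and one with repeated `sid` values contributes several. Writing `IkiWiki::checksessionexpiry($q, $session, scalar $q->param('sid'));` makes the compared value unambiguous; the identical call added in the rename hunk should get the same change. A short comment such as `# XSRF guard: the submitted sid must match this session` would also explain why the check belongs on the state-changing branch only. The `elsif` body continues outside the hunk.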
);
$f->field(name => "do", type => "hidden", value => "rename", force => 1);
+ $f->field(name => "sid", type => "hidden", value => $session->id,
+ force => 1);
$f->field(name => "page", type => "hidden", value => $page, force => 1);
$f->field(name => "new_name", value => pagetitle($page, 1), size => 60);
if (!$q->param("attachment")) {
postrename($session);
}
elsif ($form->submitted eq 'Rename' && $form->validate) {
+ IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
# Queue of rename actions to perfom.
my @torename;
# Avoid omega interpreting anything in the misctemplate
# as an omegascript command.
- my $misctemplate=IkiWiki::misctemplate(gettext("search"), "\0");
+ my $misctemplate=IkiWiki::misctemplate(gettext("search"), "\0",
+ searchform => "", # avoid showing the small search form
+ );
eval q{use HTML::Entities};
error $@ if $@;
$misctemplate=encode_entities($misctemplate, '\$');
IkiWiki::unlockwiki();
# Print the top part of a standard misctemplate,
- # then show the rebuild or refresh.
- my $divider="xxx";
+ # then show the rebuild or refresh, live.
+ my $divider="\0";
my $html=IkiWiki::misctemplate("setup", $divider);
IkiWiki::printheader($session);
my ($head, $tail)=split($divider, $html, 2);
$template=template('page.tmpl',
blind_cache => 1);
}
- my $actions=0;
+ my $actions=0;
if (length $config{cgiurl}) {
if (IkiWiki->can("cgi_editpage")) {
$template->param(editurl => cgiurl(do => "edit", page => $page));
$actions++;
}
- if (exists $hooks{auth}) {
- $template->param(prefsurl => cgiurl(do => "prefs"));
- $actions++;
- }
}
-
if (defined $config{historyurl} && length $config{historyurl}) {
my $u=$config{historyurl};
$u=~s/\[\[file\]\]/$pagesources{$page}/g;
$actions++;
}
}
-
- my @actions;
- run_hooks(pageactions => sub {
- push @actions, map { { action => $_ } }
- grep { defined } shift->(page => $page);
- });
- $template->param(actions => \@actions);
-
- if ($actions || @actions) {
+ if ($actions) {
$template->param(have_actions => 1);
}
+ templateactions($template, $page);
my @backlinks=sort { $a->{page} cmp $b->{page} } backlinks($page);
my ($backlinks, $more_backlinks);
(And also negative years.)
* calendar: Display year in title of month calendar.
* Use xhtml friendly pubdate setting.
+ * remove, rename: Add guards against XSRF attacks.
-- Joey Hess <joeyh@debian.org> Wed, 05 May 2010 18:07:29 -0400
# we don't want to pull in the normal underlays
underlaydirbase => "underlays/empty",
underlaydir => "underlays/empty",
+ disable_plugins => [qw{openid}], # needs special underlay
discussion => 0,
locale => '',
verbose => 1,
</TMPL_IF>
</span>
</span>
-<TMPL_UNLESS DYNAMIC>
<TMPL_IF SEARCHFORM>
<TMPL_VAR SEARCHFORM>
</TMPL_IF>
-</TMPL_UNLESS>
<TMPL_IF HTML5></header><TMPL_ELSE></div></TMPL_IF>
<TMPL_IF HAVE_ACTIONS>