});
decode_form_utf8($form);
- # This untaint is safe because we check file_pruned.
- my $page=$form->field('page');
+ # This untaint is safe because we check file_pruned and
+ # wiki_file_regexp.
+ my ($page)=$form->field('page')=~/$config{wiki_file_regexp}/;
$page=possibly_foolish_untaint($page);
my $absolute=($page =~ s#^/+##);
if (! defined $page || ! length $page ||
error("bad page name");
}
- my $baseurl=$config{url}."/".htmlpage($page);
-
+ my $baseurl = urlto($page, undef, 1);
+
my $from;
if (defined $form->field('from')) {
($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
if ($form->submitted eq "Cancel") {
if ($form->field("do") eq "create" && defined $from) {
- redirect($q, "$config{url}/".htmlpage($from));
+ redirect($q, urlto($from, undef, 1));
}
elsif ($form->field("do") eq "create") {
redirect($q, $config{url});
}
else {
- redirect($q, "$config{url}/".htmlpage($page));
+ redirect($q, urlto($page, undef, 1));
}
exit;
}
@page_locs=$page;
}
else {
- redirect($q, "$config{url}/".htmlpage($page));
+ redirect($q, urlto($page, undef, 1));
exit;
}
}
else {
# The trailing question mark tries to avoid broken
# caches and get the most recent version of the page.
- redirect($q, "$config{url}/".htmlpage($page)."?updated");
+ redirect($q, urlto($page, undef, 1)."?updated");
}
}
use warnings;
use strict;
use IkiWiki 2.00;
+use Encode;
sub import { #{{{
hook(type => "getsetup", id => "recentchanges", call => \&getsetup);
# page they link to is deleted, or newly created, or
# changes for whatever reason. So this CGI handles that
# dynamic linking stuff.
- my $page=$cgi->param("page");
+ my $page=decode_utf8($cgi->param("page"));
if (!defined $page) {
error("missing page parameter");
}
"</p>");
}
else {
- if (defined pagetype($link)) {
- IkiWiki::redirect($cgi, $config{url}.IkiWiki::beautify_urlpath("/".htmlpage($link)));
- }
- else {
- IkiWiki::redirect($cgi, $config{url}.IkiWiki::beautify_urlpath("/".$link));
- }
+ IkiWiki::redirect($cgi, urlto($link, undef, 1));
}
exit;
},
} #}}}
-sub check_canremove ($$$$) { #{{{
+sub check_canremove ($$$) { #{{{
my $page=shift;
my $q=shift;
my $session=shift;
- my $attachment=shift;
# Must be a known source file.
if (! exists $pagesources{$page}) {
# Must be editiable.
IkiWiki::check_canedit($page, $q, $session);
- # This is sorta overkill, but better safe
- # than sorry. If a user can't upload an
- # attachment, don't let them delete it.
- if ($attachment) {
- IkiWiki::Plugin::attachment::check_canattach($session, $page, $file);
+ # If a user can't upload an attachment, don't let them delete it.
+ # This is sorta overkill, but better safe than sorry.
+ if (! defined IkiWiki::pagetype($pagesources{$page})) {
+ if (IkiWiki::Plugin::attachment->can("check_canattach")) {
+ IkiWiki::Plugin::attachment::check_canattach($session, $page, $file);
+ }
+ else {
+ error("renaming of attachments is not allowed");
+ }
}
} #}}}
my $attachment=shift;
my @pages=@_;
- check_canremove($_, $q, $session, $attachment) foreach @pages;
+ check_canremove($_, $q, $session) foreach @pages;
# Save current form state to allow returning to it later
# without losing any edits.
# and that the user is allowed to edit(/remove) it.
my @files;
foreach my $page (@pages) {
- check_canremove($page, $q, $session, $q->param("attachment"));
+ check_canremove($page, $q, $session);
# This untaint is safe because of the
# checks performed above, which verify the
if (! exists $pagesources{$parent}) {
$parent="index";
}
- IkiWiki::redirect($q, $config{url}."/".htmlpage($parent));
+ IkiWiki::redirect($q, urlto($parent, '/', 1));
}
}
else {