were titlepage escaped in the urls, and then doubly escaped by the CGI
when editing. To fix this, I removed the titlepage escaping in the edit
urls.
* That means that *every edit link* on the wiki is potentially changed.
Rebuilding wikis on upgrade to this version therefore necessary; enabled
that in postinst.
use strict;
use Encode;
use HTML::Entities;
use strict;
use Encode;
use HTML::Entities;
use open qw{:utf8 :std};
use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase
use open qw{:utf8 :std};
use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase
sub cgiurl (@) { #{{{
my %params=@_;
sub cgiurl (@) { #{{{
my %params=@_;
- return $config{cgiurl}."?".join("&", map "$_=$params{$_}", keys %params);
+ return $config{cgiurl}."?".
+ join("&", map $_."=".uri_escape($params{$_}), keys %params);
} #}}}
sub baseurl (;$) { #{{{
} #}}}
sub baseurl (;$) { #{{{
if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) {
return $linktext unless length $config{cgiurl};
return "<span><a href=\"".
if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) {
return $linktext unless length $config{cgiurl};
return "<span><a href=\"".
- cgiurl(do => "create", page => lc($link), from => $page).
+ cgiurl(
+ do => "create",
+ page => pagetitle(lc($link), 1),
+ from => $page
+ ).
"\">?</a>$linktext</span>"
}
"\">?</a>$linktext</span>"
}
-sub cgi_editpage ($$;$) { #{{{
+sub cgi_editpage ($$) { #{{{
my $q=shift;
my $session=shift;
my $q=shift;
my $session=shift;
my @fields=qw(do rcsinfo subpage from page type editcontent comments
newfile);
my @fields=qw(do rcsinfo subpage from page type editcontent comments
newfile);
# characters.
my ($page)=$form->field('page');
$page=titlepage(possibly_foolish_untaint($page));
# characters.
my ($page)=$form->field('page');
$page=titlepage(possibly_foolish_untaint($page));
- if ($blogpost) {
- $page=~s/(\/)/"__".ord($1)."__"/eg;
- }
if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
error("bad page name");
}
if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
error("bad page name");
}
$form->field(name => "from", type => 'hidden');
$form->field(name => "rcsinfo", type => 'hidden');
$form->field(name => "subpage", type => 'hidden');
$form->field(name => "from", type => 'hidden');
$form->field(name => "rcsinfo", type => 'hidden');
$form->field(name => "subpage", type => 'hidden');
- $form->field(name => "page", value => $page, force => 1);
+ $form->field(name => "page", value => pagetitle($page, 1), force => 1);
$form->field(name => "type", value => $type, force => 1);
$form->field(name => "comments", type => "text", size => 80);
$form->field(name => "editcontent", type => "textarea", rows => 20,
$form->field(name => "type", value => $type, force => 1);
$form->field(name => "comments", type => "text", size => 80);
$form->field(name => "editcontent", type => "textarea", rows => 20,
}
elsif ($do eq 'blog') {
my $page=decode_utf8($q->param('title'));
}
elsif ($do eq 'blog') {
my $page=decode_utf8($q->param('title'));
+ $page=~s/\///g; # no slashes in blog posts
# if the page already exists, munge it to be unique
my $from=$q->param('from');
my $add="";
# if the page already exists, munge it to be unique
my $from=$q->param('from');
my $add="";
$add++;
}
$q->param('page', $page.$add);
$add++;
}
$q->param('page', $page.$add);
- # now run same as create, except escape slashes too
+ # now run same as create
$q->param('do', 'create');
$q->param('do', 'create');
- cgi_editpage($q, $session, 1);
+ cgi_editpage($q, $session);
}
elsif ($do eq 'postsignin') {
error(gettext("login failed, perhaps you need to turn on cookies?"));
}
elsif ($do eq 'postsignin') {
error(gettext("login failed, perhaps you need to turn on cookies?"));
}
if (length $config{cgiurl} && defined $type) {
$template->param(have_actions => 1);
}
if (length $config{cgiurl} && defined $type) {
$template->param(have_actions => 1);
- $template->param(editurl => cgiurl(do => "edit", page => $page));
+ $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
my $actions=0;
if (length $config{cgiurl}) {
my $actions=0;
if (length $config{cgiurl}) {
- $template->param(editurl => cgiurl(do => "edit", page => $page));
+ $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1)));
$template->param(prefsurl => cgiurl(do => "prefs"));
if ($config{rcs}) {
$template->param(recentchangesurl => cgiurl(do => "recentchanges"));
$template->param(prefsurl => cgiurl(do => "prefs"));
if ($config{rcs}) {
$template->param(recentchangesurl => cgiurl(do => "recentchanges"));
+ikiwiki (1.45) unstable; urgency=low
+
+ Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
+ in /etc/ikiwiki/wikilist this will be done automatically when the Debian
+ package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 23:02:52 -0500
+
ikiwiki (1.44) unstable; urgency=low
ikiwiki (1.44) unstable; urgency=low
- The htmllink() function has changed slightly and plugins that use it may
- need to change how they call it. This function's first three parameters
- are unchanged, but additional options are now passed using named
- parameters. If you used htmllink with more than 3 parameters, you will
- need to change it. The plugin interface version has been increased to 1.02
- to reflect this change.
+ The htmllink() function has changed slightly and plugins that use it may
+ need to change how they call it. This function's first three parameters
+ are unchanged, but additional options are now passed using named
+ parameters. If you used htmllink with more than 3 parameters, you will
+ need to change it. The plugin interface version has been increased to 1.02
+ to reflect this change.
-- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500
-- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500
* Fix some nasty issues with page name escaping during previewing
(introduced in 1.44).
* Add a table plugin, derived from the one written by Victor Moral.
* Fix some nasty issues with page name escaping during previewing
(introduced in 1.44).
* Add a table plugin, derived from the one written by Victor Moral.
-
- -- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 06:26:51 -0500
+ * The underscore escaping support exposed a bug in edit links: Such links
+ were titlepage escaped in the urls, and then doubly escaped by the CGI
+ when editing. To fix this, I removed the titlepage escaping in the edit
+ urls.
+ * That means that *every edit link* on the wiki is potentially changed.
+ Rebuilding wikis on upgrade to this version therefore necessary; enabled
+ that in postinst.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 22:58:52 -0500
ikiwiki (1.44) unstable; urgency=low
ikiwiki (1.44) unstable; urgency=low
# Change this when some incompatible change is made that requires
# rebuilding all wikis.
# Change this when some incompatible change is made that requires
# rebuilding all wikis.
if [ "$1" = configure ] && \
dpkg --compare-versions "$2" lt "$firstcompat"; then
if [ "$1" = configure ] && \
dpkg --compare-versions "$2" lt "$firstcompat"; then
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-03-07 07:04-0500\n"
+"POT-Creation-Date: 2007-03-08 00:56-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "Preferences saved."
msgstr ""
msgid "Preferences saved."
msgstr ""
-#: ../IkiWiki/CGI.pm:344
+#: ../IkiWiki/CGI.pm:340
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#, perl-format
msgid "%s is not an editable page"
msgstr ""
-#: ../IkiWiki/CGI.pm:431 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:427 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr ""
#: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr ""
-#: ../IkiWiki/CGI.pm:477
+#: ../IkiWiki/CGI.pm:473
#, perl-format
msgid "creating %s"
msgstr ""
#, perl-format
msgid "creating %s"
msgstr ""
-#: ../IkiWiki/CGI.pm:494 ../IkiWiki/CGI.pm:530 ../IkiWiki/CGI.pm:574
+#: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:526 ../IkiWiki/CGI.pm:570
#, perl-format
msgid "editing %s"
msgstr ""
#, perl-format
msgid "editing %s"
msgstr ""
-#: ../IkiWiki/CGI.pm:671
+#: ../IkiWiki/CGI.pm:667
msgid "You are banned."
msgstr ""
msgid "You are banned."
msgstr ""
-#: ../IkiWiki/CGI.pm:702
+#: ../IkiWiki/CGI.pm:699
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
msgid "failed to run php"
msgstr ""
msgid "failed to run php"
msgstr ""
-#: ../IkiWiki/Plugin/table.pm:34
+#: ../IkiWiki/Plugin/table.pm:22
msgid "cannot find file"
msgstr ""
msgid "cannot find file"
msgstr ""
-#: ../IkiWiki/Plugin/table.pm:59
+#: ../IkiWiki/Plugin/table.pm:45
msgid "unknown data format"
msgstr ""
msgid "unknown data format"
msgstr ""
-#: ../IkiWiki/Plugin/table.pm:67
+#: ../IkiWiki/Plugin/table.pm:53
msgid "empty data"
msgstr ""
msgid "empty data"
msgstr ""
-#: ../IkiWiki/Plugin/table.pm:77
+#: ../IkiWiki/Plugin/table.pm:73
msgid "Direct data download"
msgstr ""
msgid "Direct data download"
msgstr ""
-#: ../IkiWiki/Plugin/table.pm:124
+#: ../IkiWiki/Plugin/table.pm:106
#, perl-format
msgid "parse fail at line %d: %s"
msgstr ""
#, perl-format
msgid "parse fail at line %d: %s"
msgstr ""
msgid "usage: ikiwiki [options] source dest"
msgstr ""
msgid "usage: ikiwiki [options] source dest"
msgstr ""
msgid "Must specify url to wiki with --url when using --cgi"
msgstr ""
msgid "Must specify url to wiki with --url when using --cgi"
msgstr ""
-#: ../IkiWiki.pm:149 ../IkiWiki.pm:150
+#: ../IkiWiki.pm:150 ../IkiWiki.pm:151
#. translators: preprocessor directive name,
#. translators: the second a page name, the
#. translators: third a number.
#. translators: preprocessor directive name,
#. translators: the second a page name, the
#. translators: third a number.
#, perl-format
msgid "%s preprocessing loop detected on %s at depth %i"
msgstr ""
#, perl-format
msgid "%s preprocessing loop detected on %s at depth %i"
msgstr ""