response

[ikiwiki.git] / IkiWiki / CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 97ca6714f3cb78c05eb4428df08caa139f69e42e..6f5d8aee65d2a8b20333be29fba60df15786f569 100644 (file)
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -14,9 +14,10 @@ sub printheader ($) { #{{{
        
        if ($config{sslcookie}) {
                print $session->header(-charset => 'utf-8',
-                       -cookie => $session->cookie(-secure => 1));
+                       -cookie => $session->cookie(-httponly => 1, -secure => 1));
        } else {
-               print $session->header(-charset => 'utf-8');
+               print $session->header(-charset => 'utf-8',
+                       -cookie => $session->cookie(-httponly => 1));
        }
 } #}}}
 
@@ -226,12 +227,11 @@ sub cgi_prefs ($$) { #{{{
        $form->field(name => "sid", type => "hidden", value => $session->id,
                force => 1);
        $form->field(name => "email", size => 50, fieldset => "preferences");
-       $form->field(name => "banned_users", size => 50,
-               fieldset => "admin");
        
        my $user_name=$session->param("name");
 
        # XXX deprecated, should be removed eventually
+       $form->field(name => "banned_users", size => 50, fieldset => "admin");
        if (! is_admin($user_name)) {
                $form->field(name => "banned_users", type => "hidden");
        }
@@ -776,7 +776,7 @@ sub cgi (;$$) { #{{{
        }
 } #}}}
 
-# Does not need tobe called directly; all errors will go through here.
+# Does not need to be called directly; all errors will go through here.
 sub cgierror ($) { #{{{
        my $message=shift;