}
} #}}}
-sub cgi_editpage ($$) { #{{{
+sub cgi_editpage ($$;$) { #{{{
my $q=shift;
my $session=shift;
+ my $blogpost=shift;
my @fields=qw(do rcsinfo subpage from page type editcontent comments
newfile);
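Review bot: The new optional third argument is not documented at the signature, and the only visible caller passes a bare `1`, so a reader of `cgi_editpage($q, $session, 1)` cannot tell what it switches on. A comment above `my $blogpost=shift;` would cover it, for example `# $blogpost: true when called for the 'blog' action; "/" in the page name is then escaped instead of starting a subpage`. The `($$;$)` prototype only changes how calls are parsed and does not validate the argument, so it is no substitute for that comment. The body of cgi_editpage continues outside this hunk.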
# characters.
my ($page)=$form->field('page');
$page=titlepage(possibly_foolish_untaint($page));
+ if ($blogpost) {
+ $page=~s/(\/)/"__".ord($1)."__"/eg;
+ }
if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) {
error("bad page name");
}
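Review bot: The added slash escape has no comment saying why it sits between `titlepage()` and the name validation, or that it is a convenience rather than a check. I would add `# blog titles are free text: encode "/" so the title cannot name a subpage; the validation below still applies to the result` above `if ($blogpost) {`. The escape runs only when the caller sets the flag, so other paths into cgi_editpage presumably still accept slashes in `page`, and nothing should rely on it as an access restriction. The enclosing function starts and ends outside the hunk.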
}
elsif ($do eq 'blog') {
my $page=decode_utf8($q->param('title'));
- $page=~s/\// /g; # remove slashes to avoid accidental subpages
# if the page already exists, munge it to be unique
my $from=$q->param('from');
my $add="";
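Review bot: With the `s/\// /g` line removed, `$page` still holds raw slashes when it reaches the "munge it to be unique" check, while the name finally created is the escaped one produced later inside cgi_editpage. The loop itself is outside the hunk (only its `$add++` tail is visible further down), so this is inferred, but the existence test appears to run against a different name than the one written. A title containing `/` could then land on an existing page instead of getting a numeric suffix. Escaping before the check would keep the two in step, e.g. `$page=~s/(\/)/"__".ord($1)."__"/eg;` right after the `decode_utf8` line, provided `titlepage()` leaves that encoded form unchanged, which is not visible here.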
$add++;
}
$q->param('page', $page.$add);
- # now run same as create
+ # now run same as create, except escape slashes too
$q->param('do', 'create');
- cgi_editpage($q, $session);
+ cgi_editpage($q, $session, 1);
}
elsif ($do eq 'postsignin') {
error(gettext("login failed, perhaps you need to turn on cookies?"));