html validation fixes:
[ikiwiki.git] / IkiWiki / CGI.pm
index 89047a9525f43957e2c7ab08425cefcc7979ea1a..52da67b9a13453ba4c83fc81edc474a4da89d360 100644 (file)
@@ -144,12 +144,13 @@ sub cgi_signin ($$) { #{{{
                        $session->param("name", $form->field("name"));
                        if (defined $form->field("do") && 
                            $form->field("do") ne 'signin') {
                        $session->param("name", $form->field("name"));
                        if (defined $form->field("do") && 
                            $form->field("do") ne 'signin') {
-                               print $q->redirect(
-                                       "$config{cgiurl}?do=".$form->field("do").
-                                       "&page=".$form->field("page").
-                                       "&title=".$form->field("title").
-                                       "&subpage=".$form->field("subpage").
-                                       "&from=".$form->field("from"));;
+                               print $q->redirect(cgiurl(
+                                       do => $form->field("do"),
+                                       page => $form->field("page"),
+                                       title => $form->field("title"),
+                                       subpage => $form->field("subpage"),
+                                       from => $form->field("from"),
+                               ));
                        }
                        else {
                                print $q->redirect($config{url});
                        }
                        else {
                                print $q->redirect($config{url});
@@ -294,8 +295,10 @@ sub cgi_editpage ($$) { #{{{
        );
        my @buttons=("Save Page", "Preview", "Cancel");
        
        );
        my @buttons=("Save Page", "Preview", "Cancel");
        
-       my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-       if (! defined $page || ! length $page || $page ne $q->param('page') ||
+       # This untaint is safe because titlepage removes any problimatic
+       # characters.
+       my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+       if (! defined $page || ! length $page ||
            $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
                error("bad page name");
        }
            $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
                error("bad page name");
        }
@@ -364,7 +367,7 @@ sub cgi_editpage ($$) { #{{{
                                my $dir=$from."/";
                                $dir=~s![^/]+/$!!;
                                
                                my $dir=$from."/";
                                $dir=~s![^/]+/$!!;
                                
-                               if (length $form->param('subpage') ||
+                               if ((defined $form->param('subpage') && length $form->param('subpage')) ||
                                    $page eq 'discussion') {
                                        $best_loc="$from/$page";
                                }
                                    $page eq 'discussion') {
                                        $best_loc="$from/$page";
                                }
@@ -483,8 +486,8 @@ sub cgi () { #{{{
                return;
        }
        
                return;
        }
        
-       CGI::Session->name("ikiwiki_session");
-
+       CGI::Session->name("ikiwiki_session_$config{wikiname}");
+       
        my $oldmask=umask(077);
        my $session = CGI::Session->new("driver:db_file", $q,
                { FileName => "$config{wikistatedir}/sessions.db" });
        my $oldmask=umask(077);
        my $session = CGI::Session->new("driver:db_file", $q,
                { FileName => "$config{wikistatedir}/sessions.db" });
@@ -511,12 +514,8 @@ sub cgi () { #{{{
                cgi_prefs($q, $session);
        }
        elsif ($do eq 'blog') {
                cgi_prefs($q, $session);
        }
        elsif ($do eq 'blog') {
-               # munge page name to be valid, no matter what freeform text
-               # is entered
-               my $page=lc($q->param('title'));
-               $page=~y/ /_/;
-               $page=~s/([^-A-Za-z0-9_:+\/])/"__".ord($1)."__"/eg;
-               # if the page already exist, munge it to be unique
+               my $page=titlepage(lc($q->param('title')));
+               # if the page already exists, munge it to be unique
                my $from=$q->param('from');
                my $add="";
                while (exists $oldpagemtime{"$from/$page$add"}) {
                my $from=$q->param('from');
                my $add="";
                while (exists $oldpagemtime{"$from/$page$add"}) {