X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/384327bfd0b3b0362a61f30f81b06895238ee360..2469114dc567fb3a52609b589d85eb28af0cd670:/IkiWiki/CGI.pm?ds=sidebyside

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 4a16856ec..8201351ca 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -28,6 +28,8 @@ sub page_locked ($$;$) { #{{{
 sub cgi_recentchanges ($) { #{{{
 	my $q=shift;
 	
+	unlockwiki();
+
 	my $template=HTML::Template->new(
 		filename => "$config{templatedir}/recentchanges.tmpl"
 	);
@@ -36,6 +38,8 @@ sub cgi_recentchanges ($) { #{{{
 		indexlink => indexlink(),
 		wikiname => $config{wikiname},
 		changelog => [rcs_recentchanges(100)],
+		styleurl => styleurl(),
+		baseurl => "$config{url}/",
 	);
 	print $q->header, $template->output;
 } #}}}
@@ -47,7 +51,7 @@ sub cgi_signin ($$) { #{{{
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do page from name password confirm_password email)],
+		fields => [qw(do title page subpage from name password confirm_password email)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -59,16 +63,19 @@ sub cgi_signin ($$) { #{{{
 		required => 'NONE',
 		javascript => 0,
 		params => $q,
-		action => $q->request_uri,
+		action => $config{cgiurl},
 		header => 0,
 		template => (-e "$config{templatedir}/signin.tmpl" ?
-		              "$config{templatedir}/signin.tmpl" : "")
+		              "$config{templatedir}/signin.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	
 	$form->field(name => "name", required => 0);
 	$form->field(name => "do", type => "hidden");
 	$form->field(name => "page", type => "hidden");
+	$form->field(name => "title", type => "hidden");
 	$form->field(name => "from", type => "hidden");
+	$form->field(name => "subpage", type => "hidden");
 	$form->field(name => "password", type => "password", required => 0);
 	$form->field(name => "confirm_password", type => "password", required => 0);
 	$form->field(name => "email", required => 0);
@@ -140,10 +147,13 @@ sub cgi_signin ($$) { #{{{
 			$session->param("name", $form->field("name"));
 			if (defined $form->field("do") && 
 			    $form->field("do") ne 'signin') {
-				print $q->redirect(
-					"$config{cgiurl}?do=".$form->field("do").
-					"&page=".$form->field("page").
-					"&from=".$form->field("from"));;
+				print $q->redirect(cgiurl(
+					do => $form->field("do"),
+					page => $form->field("page"),
+					title => $form->field("title"),
+					subpage => $form->field("subpage"),
+					from => $form->field("from"),
+				));
 			}
 			else {
 				print $q->redirect($config{url});
@@ -219,9 +229,10 @@ sub cgi_prefs ($$) { #{{{
 		required => 'NONE',
 		javascript => 0,
 		params => $q,
-		action => $q->request_uri,
+		action => $config{cgiurl},
 		template => (-e "$config{templatedir}/prefs.tmpl" ?
-		              "$config{templatedir}/prefs.tmpl" : "")
+		              "$config{templatedir}/prefs.tmpl" : ""),
+		stylesheet => styleurl(),
 	);
 	my @buttons=("Save Preferences", "Logout", "Cancel");
 	
@@ -271,11 +282,9 @@ sub cgi_editpage ($$) { #{{{
 	my $q=shift;
 	my $session=shift;
 
-	loadindex();
-	
 	eval q{use CGI::FormBuilder};
 	my $form = CGI::FormBuilder->new(
-		fields => [qw(do rcsinfo from page content comments)],
+		fields => [qw(do rcsinfo subpage from page content comments)],
 		header => 1,
 		method => 'POST',
 		validate => {
@@ -284,29 +293,34 @@ sub cgi_editpage ($$) { #{{{
 		required => [qw{content}],
 		javascript => 0,
 		params => $q,
-		action => $q->request_uri,
+		action => $config{cgiurl},
 		table => 0,
 		template => "$config{templatedir}/editpage.tmpl"
 	);
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
-	my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
-	if (! defined $page || ! length $page || $page ne $q->param('page') ||
+	# This untaint is safe because titlepage removes any problimatic
+	# characters.
+	my ($page)=titlepage(possibly_foolish_untaint(lc($form->param('page'))));
+	if (! defined $page || ! length $page ||
 	    $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
 		error("bad page name");
 	}
 	$page=lc($page);
 	
 	my $file=$page.$config{default_pageext};
-	my $newfile=1;
 	if (exists $pagesources{lc($page)}) {
 		$file=$pagesources{lc($page)};
-		$newfile=0;
+	}
+	my $newfile=0;
+	if (! -e "$config{srcdir}/$file") {
+		$newfile=1;
 	}
 
 	$form->field(name => "do", type => 'hidden');
 	$form->field(name => "from", type => 'hidden');
 	$form->field(name => "rcsinfo", type => 'hidden');
+	$form->field(name => "subpage", type => 'hidden');
 	$form->field(name => "page", value => "$page", force => 1);
 	$form->field(name => "comments", type => "text", size => 80);
 	$form->field(name => "content", type => "textarea", rows => 20,
@@ -315,6 +329,8 @@ sub cgi_editpage ($$) { #{{{
 	$form->tmpl_param("indexlink", indexlink());
 	$form->tmpl_param("helponformattinglink",
 		htmllink("", "HelpOnFormatting", 1));
+	$form->tmpl_param("styleurl", styleurl());
+	$form->tmpl_param("baseurl", "$config{url}/");
 	if (! $form->submitted) {
 		$form->field(name => "rcsinfo", value => rcs_prepedit($file),
 			force => 1);
@@ -350,14 +366,17 @@ sub cgi_editpage ($$) { #{{{
 			my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
 			if (! defined $from || ! length $from ||
 			    $from ne $form->param('from') ||
-			    $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) {
+			    $from=~/$config{wiki_file_prune_regexp}/ ||
+			    $from=~/^\// ||
+			    $form->submitted eq "Preview") {
 				@page_locs=$best_loc=$page;
 			}
 			else {
 				my $dir=$from."/";
 				$dir=~s![^/]+/$!!;
 				
-				if ($page eq 'discussion') {
+				if ((defined $form->param('subpage') && length $form->param('subpage')) ||
+				    $page eq 'discussion') {
 					$best_loc="$from/$page";
 				}
 				else {
@@ -380,7 +399,7 @@ sub cgi_editpage ($$) { #{{{
 			$form->tmpl_param("page_select", 1);
 			$form->field(name => "page", type => 'select',
 				options => \@page_locs, value => $best_loc);
-			$form->title("creating $page");
+			$form->title("creating ".pagetitle($page));
 		}
 		elsif ($form->field("do") eq "edit") {
 			page_locked($page, $session);
@@ -388,7 +407,7 @@ sub cgi_editpage ($$) { #{{{
 			    ! length $form->field('content')) {
 				my $content="";
 				if (exists $pagesources{lc($page)}) {
-					$content=readfile("$config{srcdir}/$pagesources{lc($page)}");
+					$content=readfile(srcfile($pagesources{lc($page)}));
 					$content=~s/\n/\r\n/g;
 				}
 				$form->field(name => "content", value => $content,
@@ -396,7 +415,7 @@ sub cgi_editpage ($$) { #{{{
 			}
 			$form->tmpl_param("page_select", 0);
 			$form->field(name => "page", type => 'hidden');
-			$form->title("editing $page");
+			$form->title("editing ".pagetitle($page));
 		}
 		
 		print $form->render(submit => \@buttons);
@@ -408,7 +427,7 @@ sub cgi_editpage ($$) { #{{{
 		my $content=$form->field('content');
 		$content=~s/\r\n/\n/g;
 		$content=~s/\r/\n/g;
-		writefile("$config{srcdir}/$file", $content);
+		writefile($file, $config{srcdir}, $content);
 		
 		my $message="web commit ";
 		if (length $session->param("name")) {
@@ -458,6 +477,12 @@ sub cgi_editpage ($$) { #{{{
 	}
 } #}}}
 
+sub cgi_hyperestraier () { #{{{
+	# only works for GET requests
+	chdir("$config{wikistatedir}/hyperestraier") || error("chdir: $!");
+	exec("./".basename($config{cgiurl})) || error("estseek.cgi failed");
+} #}}}
+
 sub cgi () { #{{{
 	eval q{use CGI};
 	eval q{use CGI::Session};
@@ -466,26 +491,34 @@ sub cgi () { #{{{
 	
 	my $do=$q->param('do');
 	if (! defined $do || ! length $do) {
-		error("\"do\" parameter missing");
+		if (defined $q->param('phrase')) {
+			cgi_hyperestraier();
+		}
+		else {
+			error("\"do\" parameter missing");
+		}
 	}
 	
-	# This does not need a session.
+	# Things that do not need a session.
 	if ($do eq 'recentchanges') {
 		cgi_recentchanges($q);
 		return;
 	}
+	elsif ($do eq 'hyperestraier') {
+		cgi_hyperestraier();
+	}
+	
+	CGI::Session->name("ikiwiki_session_$config{wikiname}");
 	
-	CGI::Session->name("ikiwiki_session");
-
 	my $oldmask=umask(077);
-	my $session = CGI::Session->new("driver:db_file", $q,
+	my $session = CGI::Session->new("driver:DB_File", $q,
 		{ FileName => "$config{wikistatedir}/sessions.db" });
 	umask($oldmask);
 	
 	# Everything below this point needs the user to be signed in.
-	if ((! $config{anonok} && ! defined $session->param("name") ||
-	     ! defined $session->param("name") ||
-	     ! userinfo_get($session->param("name"), "regdate")) || $do eq 'signin') {
+	if ((! $config{anonok} &&
+	     (! defined $session->param("name") ||
+	     ! userinfo_get($session->param("name"), "regdate"))) || $do eq 'signin') {
 		cgi_signin($q, $session);
 	
 		# Force session flush with safe umask.
@@ -502,6 +535,20 @@ sub cgi () { #{{{
 	elsif ($do eq 'prefs') {
 		cgi_prefs($q, $session);
 	}
+	elsif ($do eq 'blog') {
+		my $page=titlepage(lc($q->param('title')));
+		# if the page already exists, munge it to be unique
+		my $from=$q->param('from');
+		my $add="";
+		while (exists $oldpagemtime{"$from/$page$add"}) {
+			$add=1 unless length $add;
+			$add++;
+		}
+		$q->param('page', $page.$add);
+		# now run same as create
+		$q->param('do', 'create');
+		cgi_editpage($q, $session);
+	}
 	else {
 		error("unknown do parameter");
 	}